Cyber Incident Victim: Covisian

Date: Oct 2022

Location: Italy

Summary

An Italian business services firm, Covisian, experienced a ransomware attack causing significant operational disruption described internally as "chaos." The company promptly initiated incident response procedures and notified stakeholders of its intent to resolve the issue swiftly. Because Covisian is a major provider to the financial, energy, retail, and telecommunications sectors, with substantial revenue growth through acquisitions, the incident threatened critical infrastructure supporting these industries. The attackers' identity remained unconfirmed. Ransomware typically encrypts data and disrupts systems, often accompanied by threats to leak exfiltrated information if ransoms go unpaid. The firm engaged external cyber threat intelligence resources for underground monitoring while managing recovery efforts.

Description

The Italian company Covisian S.r.l. experienced a ransomware attack around late September or early October 2022, with reports emerging publicly by October 6. Initial anonymous emails received by Red Hot Cyber described the organization as being "in chaos" following the cybersecurity incident, which reportedly occurred during the preceding week. The attack disrupted normal operations, though specific affected systems or business units were not detailed in available reports. Covisian, a rapidly growing firm that had acquired seven companies over nine years with projected 2021 revenues of €400 million, serves major clients across financial services, energy, telecommunications, retail, and media sectors. Company sources indicated internal notifications were promptly issued following detection, with management expressing commitment to rapid resolution of the incident.

Red Hot Cyber attempted to obtain official confirmation and details from Covisian through direct email inquiries but received no substantive response prior to publication. The cybersecurity outlet deployed its threat intelligence team to monitor underground forums for potential data leaks or attacker communications related to the breach. While ransomware typically involves data encryption and extortion demands – often followed by double extortion tactics threatening data publication – no confirmation emerged regarding whether Covisian's attackers exfiltrated data or made specific ransom demands. The company's restoration efforts faced inherent challenges common to ransomware recovery, including potential data loss and system restoration complexities, particularly if backups were compromised or unavailable. Operational impacts persisted during the immediate aftermath as Covisian worked to contain the incident and restore normal business functions across its multinational operations.
