Cyber Incident Victim: Civitavecchia Servizi Pubblici
Date: Apr 2022
Location: Italy
Summary
A ransomware attack attributed to the Eking variant disrupted all IT systems of Civitavecchia Servizi Pubblici, forcing the suspension of operational activities. The incident prompted immediate recovery efforts by security personnel, including forensic analysis to determine intrusion methods and coordination with law enforcement authorities. The organization emphasized its prior investments in advanced backup systems and cybersecurity research, with leadership asserting no personal data was compromised during the incident. Full operational restoration was anticipated within a short timeframe.
Description
On April 15, 2022, Civitavecchia Servizi Pubblici (CSP) experienced a disruptive cyberattack involving Eking Ransomware, described as one of the most potent malware variants. The attack compromised the company's IT infrastructure, forcing a complete shutdown of all computer systems. This disruption necessitated the suspension of all operational activities for the day. Management responded by activating incident response protocols, with the Security Manager leading efforts to restore systems and investigate the intrusion vector. Authorities were notified, including the Postal Police, to support forensic analysis and legal proceedings. The incident caused immediate operational paralysis across CSP's services, though the full scope of affected internal systems remained unspecified in initial reports.

CSP had recently implemented sophisticated backup systems and advanced procedures as part of its security investments, particularly in research and development. These measures were designed to ensure data integrity, a point emphasized by CSP President Fabrizio Lungarini, who publicly asserted that no personal data had been exfiltrated during the breach. Recovery efforts focused on leveraging these resilience measures to expedite service restoration, with expectations of resuming full operations swiftly. The attack's financial and reputational consequences were not quantified, but the public assurance regarding data protection aimed to mitigate stakeholder concerns. Business continuity appeared to be the priority, though technical specifics about ransomware eradication and infrastructure hardening were not disclosed.
