Cyber Incident Victim: Tirrena Scavi S.p.A.

On or around February 16, 2021, Tirrena Scavi S.p.A., an Italian construction company headquartered in Massarosa, Lucca province, experienced a ransomware cyberattack. The company, operational since 1973, specialized in civil engineering, aqueduct construction, and industrial building projects across multiple countries, maintaining five subsidiaries in Albania, Armenia, North Macedonia, and Romania. With reported 2019 revenues exceeding $53 million, the firm represented a significant target for cybercriminals. The Conti ransomware group claimed responsibility for the attack, subsequently publishing over 11 GB of stolen company documents on its dark web leak site. This data exposure occurred shortly before public reporting of the incident, indicating rapid escalation following the initial compromise. The breach exposed sensitive corporate information, though specific document types or operational disruptions were not detailed in available sources.

The attack’s public disclosure emerged through independent cybersecurity monitoring rather than an official company statement. Journalistic inquiries sent to Tirrena Scavi S.p.A. requesting comment yielded no immediate response, leaving the extent of internal impact assessments and remediation efforts unverified at the time of reporting. Conti’s publication of substantial data volumes suggested successful exfiltration prior to encryption, a common double-extortion tactic employed by ransomware groups during this period. The company’s international operations across four countries implied potential cross-border data protection implications, though jurisdictional specifics remained undocumented. No financial demands, payment status, or data recovery timelines were confirmed in available reporting. The incident highlighted vulnerabilities in the construction sector’s cybersecurity posture while underscoring Conti’s continued targeting of mid-sized enterprises with multinational footprints.