Cyber Incident Victim: Comune di Rosignano Marittimo
Date: Oct 2022
Location: Italy
Summary
The Municipality of Rosignano Marittimo experienced a sophisticated ransomware attack targeting its IT infrastructure, forcing immediate precautionary shutdowns of all servers to contain the malware. Attackers encrypted both primary systems and daily online backups, crippling operations and preventing employee access. IT personnel disconnected networks and restored partial functionality using an offline backup, with external support engaged to identify the malware. Critical services including email and network access remained disrupted, though initial login server recovery showed promise under monitoring. The organization publicly acknowledged the incident and apologized for prolonged service outages, but could not estimate full restoration timelines due to the attack's complexity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 5, 2022, between approximately 6:00 AM and 8:00 AM, the Municipality of Rosignano Marittimo in Tuscany suffered a ransomware attack targeting its IT infrastructure. Technical staff from the UO Sistemi Informativi detected anomalies after employees reported login failures across workstations, prompting immediate containment measures. Personnel powered down all servers as a precaution against malware propagation and disconnected the municipal network from the internet to prevent data exfiltration. Initial investigations revealed that the incident involved highly sophisticated ransomware deployed for financial extortion, in contrast with a 2013 hacktivist attack against the same municipality. The external IT provider TDGroup provided telephone support during the emergency response. By late morning, forensic analysis confirmed that the attackers had compromised the daily online backups stored within the network, leaving them encrypted and unusable for recovery.

Response teams attempted restoration using the most recent offline backup stored on an external drive, successfully rebuilding one login server for initial testing. This isolated server remained under observation to verify malware eradication while the central infrastructure stayed powered off and disconnected. Critical services including email systems and network access remained inoperable, disrupting municipal operations and public-facing functions. The administration issued formal apologies for the service interruptions via its official website on the same day, acknowledging an indeterminate recovery timeline. No evidence emerged of data theft, though the attack's sophistication prevented immediate identification of the malware strain. Restoration efforts prioritized securing clean backups and the phased reactivation of systems under external cybersecurity guidance, with full operational restoration pending further forensic analysis and system validation.
