Cyber Incident Victim: Municipio di Rho

Date: Mar 2021

Location: Italy

Summary

The Municipality of Rho suffered a cyberattack by unknown threat actors that damaged its network and disrupted normal services, including those provided by Quic – Sportello del Cittadino. Despite active antivirus and security systems, the incident prevented service continuity, prompting technicians to work on restoring technological operations while authorities prepared a formal complaint. The attack occurred alongside a similar incident affecting another municipality, though no shared infrastructure or attribution details were confirmed in available reports.

Description

The Municipality of Rho experienced a disruptive cyberattack first detected on or around March 30, 2021, coinciding with a similar incident affecting the Municipality of Brescia. Unknown threat actors compromised Rho's network infrastructure, causing significant operational damage that prevented the delivery of standard municipal services. Critical citizen-facing platforms, including the Quic – Sportello del Cittadino (Citizen's Desk) portal, became unavailable due to the attack. Municipal authorities confirmed the breach through an official notice published on April 1, emphasizing that existing antivirus and cybersecurity systems failed to prevent the intrusion. Service disruptions persisted through the Easter holiday period, with technicians urgently working to restore technological systems and online procedures. The municipality planned to file formal complaints with law enforcement agencies but did not publicly identify suspects during the initial response phase.

Technical recovery efforts focused on repairing damaged network components and restoring full operational capacity to affected systems. While the Brescia attack was later attributed to DoppelPaymer ransomware operators using Cryptolocker malware, Rho's incident documentation did not explicitly confirm the same threat actor or malware variant. Both municipalities issued nearly identical public statements regarding attack timelines, operational impacts, and response measures, though no evidence confirmed shared IT infrastructure between them. The Rho attack notably impaired digital citizen services during a holiday period when administrative closures could compound delays. No data theft or financial demands were disclosed in available reports, with damage primarily characterized as network disruption requiring reconstruction. Restoration timelines remained contingent on technical remediation progress rather than predetermined deadlines.
