Cyber Incident Victim: Bontà Viva
Date:
Mar 2023
Location:
Italy
Summary
The Italian dairy producer Bontà Viva suffered a LockBit 3.0 ransomware attack involving data encryption and theft, with attackers threatening to release stolen information unless a ransom was paid. The LockBit group initiated a 12-day countdown for potential data publication on their leak site but did not offer extensions or provide data samples. Operational disruptions occurred as systems were rendered inaccessible. LockBit employs a ransomware-as-a-service model, facilitating affiliates to conduct attacks for profit while extorting victims through double extortion tactics—encrypting data and threatening its public release. The incident impacted the company's IT infrastructure, demanding specialized recovery efforts amid risks of permanent data loss.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around March 11, 2023, the LockBit 3.0 ransomware group publicly claimed responsibility for a cyberattack targeting Bontà Viva, an Italian fresh dairy products manufacturer based in Borso del Grappa. The attackers announced a 12-day countdown timer on their data leak site (DLS), threatening to publish exfiltrated company data by March 23 at 22:55 UTC unless ransom demands were met. LockBit's post specifically referenced Bontà Viva's product line of cow milk cheeses containing mozzarella and cream, indicating prior reconnaissance of the company's operations. The ransomware operators did not extend the countdown period or publish data samples at the time of disclosure, contrary to some prior LockBit engagements with other victims. No financial demands or encryption impact details were publicly disclosed, though standard LockBit operations typically involve both data encryption and double-extortion tactics.
Bontà Viva, operating under French dairy cooperative Eurial (Agrial Group) as Italy's second-largest dairy cooperative, faced potential exposure of proprietary manufacturing processes, supply chain details, and customer information. The company's production facility at Monte Grappa specializes in yogurts and fresh cheeses, with operations reliant on IT infrastructure that appeared compromised during the breach. LockBit’s operational model as a ransomware-as-a-service (RaaS) provider meant affiliates likely executed the attack while sharing profits with core developers. Historical LockBit victims in Italy included both public institutions and private enterprises, though the article did not confirm ransom payment or successful system restoration by Bontà Viva. Attack consequences typically included operational disruption from encrypted systems and reputational damage from potential data leaks encompassing financial records, employee details, and business correspondence. The company did not release a public statement regarding incident response actions, forensic findings, or data recovery progress as of the article's publication date.