Cyber Incident Victim: Elefondati
Date: Aug 2022
Location: Italy
Summary
The Italian firm Elefondati suffered a ransomware attack by the LV cyber gang, which exfiltrated 20GB of data and issued a 72-hour ransom ultimatum. Attackers threatened to leak stolen information, destroy the company's reputation, initiate lawsuits, and compromise clients unless paid, while offering incentives including full data recovery, confidentiality guarantees, and a detailed report of system vulnerabilities with remediation advice. The victim specializes in designing communication systems, data transmission infrastructure, and security installations. The gang's coercive tactics emphasized reputational damage and legal consequences alongside unusual "service" offerings like vulnerability disclosures and promises not to reattack.
Description
On August 15, 2022, the Italian technology firm Elefondati SRL suffered a ransomware attack by the cybercriminal group LV, which claimed to have exfiltrated 20GB of company data. The attackers published a blog post announcing the breach and issued a 72-hour ultimatum for payment, threatening to release the stolen information to journalists and tier-one media outlets if their demands were unmet. The ransom note outlined severe consequences for non-compliance, including complete reputational destruction, discrediting of management, lawsuits, attacks on clients through compromised credentials, permanent public data exposure, and media publication of the incident. Conversely, LV offered incentives for cooperation: full data recovery, guaranteed deletion of the data from their servers, confidential handling of the breach, assurances against future attacks, and a unique offering of detailed vulnerability reports with security hardening recommendations. When threatening attacks on clients, the attackers emphasized their ability to bypass standard protective measures such as credential changes and equipment modifications.

Elefondati SRL, specializing in telecommunications infrastructure, data transmission systems, and security installations, faced significant operational and reputational risks due to its work in IP telephony, unified communications, fiber-optic cabling, LAN/WAN networks, wireless systems, and IP surveillance solutions. The LV group’s attack leveraged double extortion tactics—combining data encryption with threats of sensitive information disclosure—a hallmark of modern ransomware operations. While the article did not specify Elefondati’s response actions or whether data was ultimately leaked, it contextualized the incident within broader ransomware trends, noting how criminal groups increasingly bundle "security consulting" with ransom demands to pressure payments. The company’s exposure of client-facing technical services amplified potential cascading impacts, including legal liabilities and erosion of trust in its security design capabilities. Standard ransomware defense strategies referenced in contextual portions of the report included employee training, air-gapped backups, patch management, and perimeter security controls, though no specific mitigation steps taken by Elefondati were documented in the source material.
