
Cyber Incident Victim: Amalfitana Gas Srl

Date: Jul 2022

Location: Italy

Summary

Amalfitana Gas Srl experienced a ransomware attack by the Everest group, which encrypted company files and exfiltrated sensitive documents including internal correspondence, gas pipeline construction contracts, customer lists, financial invoices, tax records, and insurance incident reports. The attackers published samples of stolen economic progress reports and gas distribution service documents related to the municipality of Giugnano, a tactic commonly used to pressure victims into paying ransoms by threatening further data exposure. The group demanded contact by the end of the following Monday to negotiate decryption and data deletion.


Description

Amalfitana Gas Srl, an Italian company, experienced a cybersecurity incident involving the Everest ransomware group around July 1, 2022. Attackers encrypted company files and exfiltrated sensitive documents, including internal correspondence, contracts for regional pipeline construction projects, customer service lists, invoices, tax records, insurance claims, and incident reports. Additional unspecified documents were downloaded from corporate servers. The ransomware operators issued a deadline for the company to contact them by the end of the following Monday to negotiate file decryption and data deletion. When initial demands were not met, Everest escalated pressure by publicly releasing two document samples: one containing economic progress reports on construction projects and another detailing gas distribution service plans for the municipality of Giugnano. This publication tactic aligned with common ransomware group strategies to coerce payment through threats of further data exposure.


The incident disrupted normal business operations through file encryption and created potential reputational risks from exposure of proprietary contracts and customer information. Financial pressures mounted due to both ransom demands and potential regulatory consequences from leaked fiscal documents. No technical details regarding initial intrusion vectors, detection methods, or containment procedures were disclosed in available sources. The cybersecurity news outlet RedHotCyber monitored developments but reported no subsequent updates about payment negotiations, data recovery status, or additional leaks. The company did not issue public statements through the reporting channel during the documented observation period, leaving resolution outcomes unconfirmed in source materials. Operational impacts likely persisted through the encryption of critical documents required for pipeline construction projects and customer service management.
