Cyber Incident Victim: Fratelli Veroni

Date: Nov 2022

Location: Italy

Summary

The Italian cured meats producer Fratelli Veroni was targeted by the Royal ransomware group, which exfiltrated and encrypted company data before leaking approximately 100 MB of sensitive information on its data leak site to coerce payment. The stolen data included employee identification documents, passports, financial records, contracts, product ingredient lists, and export documentation related to UK operations. Royal, a private ransomware operation active since early 2022, employed double extortion tactics by threatening further data publication unless the ransom demand—reportedly between $250,000 and $2 million—was met. This incident followed similar attacks on other Italian food-sector companies by groups like LockBit.

Description

The Royal ransomware group targeted Italian cured meat producer Fratelli Veroni in an attack publicly disclosed on November 4, 2022. Royal compromised the company's IT infrastructure, exfiltrated approximately 100 MB of sensitive data, and deployed ransomware to encrypt systems. The attackers employed double extortion tactics by publishing 1% of stolen data on their dedicated leak site while demanding a ransom payment between $250,000 and $2 million. Published samples included employee identification documents (passports and ID cards), financial records, supplier contracts, product ingredient specifications, and export documentation related to UK business operations. Royal intensified pressure by threatening further data releases unless Veroni complied with payment demands. The group gained initial network access through callback phishing schemes, posing as software vendors or food delivery services to trick employees into installing remote access tools.

This incident disrupted operations at the century-old Correggio-based company known for artisanal meat production. The data exposure risked supply chain relationships through leaked contracts and proprietary formulations, while employee PII exposure created legal compliance challenges. Royal's operational model differed from typical ransomware-as-a-service groups, functioning as a private collective with members drawn from established cybercrime operations like BlackCat and Conti. The attack followed similar patterns seen in Royal's global campaigns since January 2022, though Veroni represented their first confirmed Italian victim. No official statement from Veroni regarding incident response or payment status was reported at the time of disclosure. The breach occurred amidst broader targeting of Italy's food sector, with competitors Venegoni and Rovagnati having previously suffered LockBit ransomware attacks.
