
Cyber Incident Victim: Banca di Credito Cooperativo

Date: Apr 2021

Location: Italy

Summary

An Italian cooperative credit bank suffered a ransomware attack attributed to the DarkSide group, disrupting operations across 188 branches and causing significant customer issues. The institution initially cited technical communication problems but later acknowledged the incident after a ransom note appeared on infected systems, while assuring customers that ATM and home banking services remained functional. Operations were projected to resume within several days as negotiations with the threat actors reportedly continued, with the bank advising affected individuals to use alternative channels and not to panic.


Description

On or around April 27, 2021, Banca di Credito Cooperativo (BCC), a major Italian cooperative credit bank, suffered a cyberattack that disrupted operations across its 188 branches. The incident caused significant operational paralysis, preventing customers from conducting routine transactions and accessing branch services. Initial public statements from the bank attributed the disruption to unspecified technical issues affecting communication systems, though they confirmed ATMs and Home Banking platforms remained functional and advised customers to utilize those alternatives. Subsequent analysis revealed the attack involved ransomware deployed by the DarkSide cybercrime group, as evidenced by a ransom note displayed on compromised systems within the bank's network. The note explicitly claimed responsibility for the attack on behalf of DarkSide, signaling a deliberate targeting of the financial institution. The attack's immediate impact centered on crippling internal communications and transactional capabilities at physical branches, creating widespread inconvenience for account holders reliant on in-person services. BCC management acknowledged the severity of the disruption but sought to prevent panic by emphasizing the continued availability of electronic channels and assuring customers that efforts were underway to restore full operations.

Technical recovery efforts proceeded alongside negotiations with the threat actors, as confirmed by the bank's statement that discussions were ongoing while aiming to resume normal branch functions by May 3, 2021—approximately one week post-incident. The containment strategy prioritized isolating affected systems to prevent further encryption or lateral movement within the network, though specific technical mitigation steps were not publicly detailed. Customer communications consistently directed individuals toward unaffected services while avoiding explicit confirmation of data theft or detailed forensic findings. The prolonged branch outage underscored the attack’s disruptive impact on a regional banking network dependent on physical locations for customer interactions, though the bank avoided characterizing the incident as a data breach. Operational restoration proceeded within the communicated timeframe, with no subsequent public reports of extended disruptions or failed recovery efforts following the initial containment phase.
