Dollmar S.p.A.

Dollmar S.p.A. is an Italian enterprise whose primary activity is the distribution of chemical products. The company is headquartered in Italy and functions as a intermediary that moves chemical substances from producers to end users. Its business model relies on managing the logistics, storage, and transportation of a variety of chemical goods within the national market. As a chemical distributor, Dollmar S.p.A. participates in the supply chain that supports industrial and commercial sectors requiring chemical inputs.

In October 2022, Dollmar S.p.A. became the target of a ransomware operation conducted by the Ragnar Locker group. The attackers exfiltrated roughly 35 GB of sensitive data after the firm refused to meet the ransom demand. Initial intrusion is believed to have occurred through compromised Remote Desktop Protocol credentials, which allowed the threat actors to gain a foothold inside the corporate network. Once inside, the attackers performed privilege escalation by exploiting known Windows vulnerabilities and deployed virtual machines to conceal their activities from security monitoring tools. They then moved laterally across systems, staging data prior to encryption and initiating a double extortion strategy that combined file locking with threats of public disclosure.

The ransomware episode resulted in noticeable operational disruption for Dollmar S.p.A., as encrypted systems hindered normal business functions. The leaked data included internal documents that were later verified by samples of the company’s letterhead, confirming the authenticity of the released information. The incident underscores the specific tactics employed by Ragnar Locker, such as using virtual environments to bypass defenses and leveraging credential abuse for initial access. This case illustrates the cybersecurity risks faced by chemical distribution organizations operating in Italy and highlights the importance of robust network segmentation and credential management.