Cantina Tollo

Cantina Tollo is an organization headquartered in Italy. The entity experienced a significant cybersecurity incident impacting its operations. On January 30, 2023, Cantina Tollo fell victim to a ransomware attack perpetrated by the LockBit 3.0 group. This attack compromised the organization's data center infrastructure, leading to the disruption of critical services essential for its functioning. The attackers successfully exfiltrated sensitive data, including financial records and client agreements.

The ransomware operators demanded a payment of $249,000 for the deletion of the stolen data, alternatively offering to extend their countdown timer before threatened public release for $1,000. In response to the breach, Cantina Tollo took immediate containment actions by isolating the affected systems and suspending impacted services to prevent further spread. The organization proactively notified its customers about the incident and initiated remediation efforts compliant with data protection regulations like the GDPR. Operational disruptions included temporary suspensions of services. LockBit published samples of the stolen data to increase pressure on the organization. Cantina Tollo's transparent communication strategy prior to LockBit's leak deadline was highlighted as an exemplary aspect of their crisis management response during this incident.