A ransomware attack has taken government systems offline in the Lazio region of Italy, including the local COVID-19 vaccination registration site. Lazio is one of the most populous regions of Italy and includes the capital Rome.

The attack was first detected on Sunday and was described by the regional government as a “powerful hacking attack” on the regional network. While the attack did not delay COVID-19 vaccinations, the vaccination registration site was still offline today with the government saying that it expected it to be restored by Friday.

According to CNN Business, an investigation has been opened into the attack and authorities have said that they have received a generic ransom request but with no further claims. Officially the regional government is saying that personal information has not been compromised.

That personal information has not been compromised as questionable, however. Bleeping Computer reports that the RansomEXX gang was behind the attack.

RansomEXX, previously known as Defray777, was the gang behind an attack on laser developer IP Photonics Corp. in September and was also linked to an attack of Konica Minolta Inc. While RamsonEXX is not explicitly known as a double-tap ransomware gang, the gang has in the past published screenshots of stolen data as proof of an attack.

“The attack on the vaccine booking website in Italy highlights how opportunistic threat actors can be – the healthcare industry was already under siege from cyberattacks since the pandemic began and now criminals are leveraging vaccine rollout technology to spread their attacks,” Mark McClain, chief executive officer of identity management firm SailPoint Technologies Holdings Inc. told SiliconANGLE. “It is critical for healthcare organizations to include vaccine booking technology as part of their security strategy and deploy cybersecurity processes—identity security for one—that can prevent coordinated security attacks.”

Chuck Everette, director of cybersecurity advocacy at cybersecurity company Deep Instinct Ltd. explained that “hackers have recognized that the demand for COVID vaccines presents a wealth of opportunities due to the number of people flocking to be protected, and the personal data that is required to even book a time and date to receive the vaccine.”

“The attack on Lazio’s vaccine portal appears to be part of a supply chain attack and is therefore not an isolated incident,” Everette added. “As this attack is part of a wider campaign, it should be the cause of further concern for other government agencies and healthcare organizations across the world.”

Photo: Anthony Quintano/Flickr