The Medusa ransomware group has recently added Alto Calore Servizi SpA to its list of victims, claiming responsibility for the Alto Calore cyber attack.
Alto Calore Servizi is a company that manages the collection, supply, and distribution of drinking water, as well as sewage and purification services in Italy. The hacker collective has stated that it will publish the company’s data in seven days if its demands are not met.
Alto Calore Servizi SpA, established on March 13, 2003, is a joint-stock company consisting of 126 shareholders, including 125 municipalities in the provinces of Avellino and Benevento, as well as the administration of the province of Avellino. The company is responsible for collecting and distributing drinking water, sewerage, and wastewater treatment.
Alto Calore cyber attack timeline
The first event in the Alto Calore cyber attack occurred on April 28, 2023, when the threat actor compromised the IT systems of Alto Calore Servizi, making them temporarily unusable.
Upon finding out about the attack, the company released a statement informing its clients that it would not be possible to carry out any operations or provide information that requires querying the database.
Moreover, the company assured that the restoration of the system would be communicated to the public through press releases.
The Medusa ransomware group has given Alto Calore Servizi a deadline of seven days to meet their demands, after which they will publish the company’s data.
The group has added a countdown timer on their blog, indicating that the time left for Alto Calore Servizi to comply with their demands is ticking away.
In addition to the deadline, the Medusa ransomware group has demanded a ransom of $10,000 to delete all the data they have acquired from Alto Calore Servizi’s IT system.
If the company fails to pay the ransom, the group has threatened to download the data and demand a much larger ransom of $100,000.
Alto Calore cyber attack and Medusa ransomware group
The attack on Alto Calore Servizi is the latest in a string of cyberattacks on critical infrastructure.
Medusa is a relatively new ransomware group that first emerged in late 2021. The group is believed to be a Russian-speaking criminal organization that primarily targets large corporations and government entities.
Like most ransomware groups, Medusa uses a variety of tactics to gain access to its victims’ systems. These include exploiting known vulnerabilities in software, sending phishing emails with malicious attachments, or using social engineering techniques to trick users into downloading and running malware.
Once inside a victim’s network, Medusa will typically move laterally to gain access to as many systems as possible.
The group’s ransomware is designed to encrypt files on all infected machines, making them inaccessible to the victim. The group then demands a ransom payment for the decryption key needed to unlock the files.
Alto Calore cyber attack: Conclusion
As the deadline approaches, it remains to be seen whether Alto Calore Servizi will pay the ransom or risk having their data published by the Medusa ransomware group.
The incident serves as a reminder that no organization is immune to cyber attacks and highlights the need for constant vigilance and preparedness.