Palermo/Sicilia: IT systems offline after ransomware attack

On the Friday before Pentecost (June 3, 2022), news made the rounds on Twitter that there had been a cyberattack on Palermo's IT systems. Speculation quickly followed that it was likely a ransomware attack. It seems that the administration of Palermo (Sicily, Italy) has now been completely shut down after a successful ransomware attack.


I had already noticed the information about this incident on Twitter on June 3, 2022, but did not address that here on the blog. The tweets can be viewed here and here.

One tweet already speculates that it is not a DDoS attack but a ransomware infection that is taking place. This Italian website writes that the entire (IT) infrastructure network of the city of Palermo has been shut down due to a cyberattack. It says that the systems of the Sicilian municipal police, cameras and ZTL are affected. Problems can last for days and the impact is said to be severe.

Furthermore, the related article states that the Palermo City Council has been suffering from the cyberattack since about 6 a.m. on June 2, 2022, and that the attack affected the computer systems of the network. The municipality's website, the management of the Municipal Police Operations Center and the video surveillance management system are said to be hosted on the affected computers.

So far, no one has claimed responsibility for the attack, but it is unlikely to be a DDoS attack – as the IT systems were shut down manually. This would also rule out the possibility that the pro-Russian cyber gang KillNet is behind the attack – companies and institutions in Italy are currently being attacked by this pro-Russian hacker group.


Paolo Petralia Camassa, Councillor for Innovation of the affected municipality, is quoted as saying in a post on social media "that the [IT] system has been shut down and isolated from the network for the moment as a precaution." The councilman described the situation as "serious" and said the disruption could last for days. So the Palermo municipality's website is inaccessible not because of the attack itself, but because the server has been taken down. The Italian security site points out that the age-old problem of network segmentation, raised by experts in the past, is probably the cause again: too many IT functions are interconnected in the network, so an infection leads to widespread failure. The medium quotes the following:

A lot of information points to a ransomware attack. However, it should be noted that there is currently no tangible evidence of this detail and no ransom demands from criminal groups behind such an operation. Moreover, the City of Palermo rules out any ransom demands, at least so far: "So far we have not received any demands, and according to the verifications carried out so far, there is no encrypted or stolen data for which a ransom could be demanded," Petralia added.

The shutdown of the city's network also means that the apps used to pay for the ZTL and parking are no longer available or working. The barriers of the traffic restriction zones themselves are also not active.

In order to restore the situation to normal, the Municipality has set up a task force through SISPI, a company in which the Municipality has a stake and which takes care of the IT sector of Palermo's infrastructure. In fact, the SISPI is trying to restore the IT network and make it work again.

What worries the experts most, but also the municipality itself, is the sensitive data (in large numbers) stored in the city's registration and tax management systems. It is not yet clear whether these systems are affected by the attack: In any case, the administration says it has already filed a complaint with the police, and a file on the incident has already been opened at the public prosecutor's office, La Repubblica reports.

This medium also reports that, due to the IT outage, no services can be guaranteed at the moment. For example, it is not possible to access reservations for the use of sports facilities, buy ZTL passes (probably for parking) or process papers. Civil status certificates, birth certificates, marriage certificates, change of address documents, and residence certificates also remain unavailable. There is also great confusion among tourists, who no longer have access to online booking services for tickets to the museum and Teatro Massimo. Preparations for elections may also be stalled. None of this sounds good.
