Bitcoin 'Ransomware' Freezes Council Offices Across Italy

Council offices across Italy had their computer files encrypted by a 'ransomware' virus that is demanding payment in bitcoin.

AccessTimeIconOct 22, 2014 at 7:40 p.m. UTC
Updated Aug 18, 2021 at 3:25 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Municipal council offices across Italy have had their computer files encrypted by a 'ransomware' virus that is demanding payment in bitcoin.

According to Corriere della Sera, one of the country's top newspapers, dozens of regional office workers are unable to pay bills, issue certificates or access server documents until they pay the digital ransom.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • The attackers' fee is currently set at €400 worth of bitcoin, though this amount is said to double after three days.

    After launching from a location in St Petersburg, Russia last Wednesday, the virus spread rapidly through the council's computer network through phishing emails. While some machines have been updated with antivirus software to block it successfully, many are still at risk.

    How it works

    Once the malware gains access to a victim's machine it sends what appears to be an ordinary .pdf file named with a long string of characters to all contacts in their email address book.

    On closer examination the file is actually a malicious .exe program. When opened by an unsuspecting co-worker, this program encrypts all .pdf files, photos and Microsoft Office documents on their machine and server, rendering them useless.

    After this block is activated, a 'hoax antivirus' invites users to purchase decoding software, providing the step-by-step instructions necessary to complete the procedure.

    The hackers behind the attack have even included 'customer support' contact details for those unfamiliar with how to use bitcoin.

    "After we paid they also had the audacity to invite us to contact them in case we have other problems," Maria Grazia Mazzolari, a town clerk in Bussoleno, Turin, told the Corriere della Sera.

    So far, the stunt appears to be lucrative. Di.Fo.B, an Italian consultancy dealing with cyber crime, says the bitcoin addresses listed by the attackers have received around $100,000 from victims in the last 6 days alone.

    In addition, Di.Fo.B expects this figure to rise as public offices still unaware of the virus are targeted.

    Ransomware and bitcoin

    Although ransomware has been around in various forms since the 1990s, there has been a rise in the number of viruses demanding payment in bitcoin.

    In November last year – one month before bitcoin's all-time high – the UK’s National Cyber Crime Unit issued an alert about Cryptolocker, an aggressive breed of ransomware contained in zip files carried by email.

    The virus targeted small- to medium-sized businesses, and the crime agency said many millions of email accounts were at risk.

    After witnessing an influx of UK buyers wishing to secure enough bitcoin to pay the Cryptolocker ransom, trading site BitBargain made the bold decision to block all new users for fear of being involved in money laundering activity.

    Although many Cryptolocker victims reported that their files were not returned after payment, an activity the National Cyber Crime Unit does not endorse, some council workers have reported success after paying the attackers' fee in the latest attack.

    This article was co-authored by Alex Canciani

    Image via Shutterstock

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.