Access

Share
Share

THE SIAE CASE: HOW IT LOST THE COMMUNICATION CHALLENGE TO ITS AUDIENCE

The SIAE (Società Italiana degli Autori ed Editori) also fell victim to a cyber attack. On 20 October, it suffered a ransomware attack by the Everest Ransom Team.

A group of very active hackers made headlines for another attack on the US government during which a large number of passports, tax documents and court cases were allegedly stolen.

Everest is a group of cyber criminals who work in an atypical way compared to other more famous teams such as Conti, Revil or LockBit. For instance, in this attack against the SIAE, data were not encrypted and rendered unusable, but only exfiltrated, stolen. 

A ransom demand in the amount of USD 3 million then arrived. 

SIAE promptly and publicly refused to pay. Gaetano Blandini, SIAE's General Manager, stated: "Fortunately, there does not seem to be any economic data relating to bank Iban, but only personal data, such as identity cards, tax codes and the data of many of our employees".

Granted that this statement is partially wrong because the IBANs of the members have also been leaked, what is striking is how even today, 5 years after the GDPR came into force, there is a lack of understanding of the economic damage generated by such an event. 

Personal data are a goldmine for cyber criminals and should be preserved like precious gold. In fact, Everest publicly offered the data for sale on its website (https://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion.ws/siae/) for USD 500 000. In the hours following the attack, the first blackmail messages were sent to the individual artists whose data had been stolen, with requests for 10,000 euros in bitcoin.

In this case, unfortunately, one has to organise oneself to change one's telephone number and e-mail address, and also replace them on the various websites where they are used as a form of one- or multi-factor authentication. 

It is also advisable to apply to the police authorities to change your identity card, driving licence and tax code by declaring the previous ones lost or stolen.

Attacks of this kind are becoming increasingly common even on small and medium-sized enterprises, resulting in economic and image damage that is sometimes irreparable. 

That is why it is important to defend, prevent and insure against cybercriminals. 

RESOURCES FOR YOU

Download Free Guide

In our guide you will learn how to secure a small or medium-sized business, from an IT point of view, and how to protect yourself from attacks on the internet.

Related items

The importance of analysing the cyber risk of one's suppliers

If you are a manufacturer, distributor or supplier in today's global economy, protecting yourself from cyber risks is more important than ever.

SMEs and cybersecurity: is it a necessity or can it be done without?

They want to convince us that cybersecurity is becoming a top priority for companies. This is the feeling one gets when faced with the endless stream of news stories about cyber attacks and data breaches: for example, the growth trend of the annual expenditure that companies will devote to cybersecurity is set to grow by 15% per year, to reach $10 trillion in 2025

1 (one) thing to do now not to risk losing 10,000 euro

There is one thing you can do right away (even if you are not a security expert and do not have anyone to help you see if someone has broken into your systems) that will significantly reduce the risk of losing money in your company.

Your company finally protected and secure.

We offer protection and insurance tailored to your company and your level of risk.
Registration free of charge.

en_GBEN

Contact us for more information