Access

Share
Share

THE SIAE CASE: HOW IT LOST THE COMMUNICATION CHALLENGE TO ITS AUDIENCE

The SIAE (Società Italiana degli Autori ed Editori) also fell victim to a cyber attack. On 20 October, it suffered a ransomware attack by the Everest Ransom Team.

A group of very active hackers made headlines for another attack on the US government during which a large number of passports, tax documents and court cases were allegedly stolen.

Everest is a group of cyber criminals who work in an atypical way compared to other more famous teams such as Conti, Revil or LockBit. For instance, in this attack against the SIAE, data were not encrypted and rendered unusable, but only exfiltrated, stolen. 

A ransom demand in the amount of USD 3 million then arrived. 

SIAE promptly and publicly refused to pay. Gaetano Blandini, SIAE's General Manager, stated: "Fortunately, there does not seem to be any economic data relating to bank Iban, but only personal data, such as identity cards, tax codes and the data of many of our employees".

Granted that this statement is partially wrong because the IBANs of the members have also been leaked, what is striking is how even today, 5 years after the GDPR came into force, there is a lack of understanding of the economic damage generated by such an event. 

Personal data are a goldmine for cyber criminals and should be preserved like precious gold. In fact, Everest publicly offered the data for sale on its website (https://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion.ws/siae/) for USD 500 000. In the hours following the attack, the first blackmail messages were sent to the individual artists whose data had been stolen, with requests for 10,000 euros in bitcoin.

In this case, unfortunately, one has to organise oneself to change one's telephone number and e-mail address, and also replace them on the various websites where they are used as a form of one- or multi-factor authentication. 

It is also advisable to apply to the police authorities to change your identity card, driving licence and tax code by declaring the previous ones lost or stolen.

Attacks of this kind are becoming increasingly common even on small and medium-sized enterprises, resulting in economic and image damage that is sometimes irreparable. 

That is why it is important to defend, prevent and insure against cybercriminals. 

RESOURCES FOR YOU

Download Free Guide

In our guide you will learn how to secure a small or medium-sized business, from an IT point of view, and how to protect yourself from attacks on the internet.

Related items

Poste Italiane and Cyberangels: A Collaboration for Italy's Digital Future

The Hero versus the Villain: how SMEs can avoid cybersecurity mistakes in web application development

This is the story of one of our clients, a small consulting company in the pharmaceutical sector, and how it ran into difficulties after developing a web application to provide technical services to its customers

The importance of supplier cyber risk management in the NIS2 era

The implementation of the NIS2 Directive is now live -and it will have a strong impact on how companies manage supplier risk in the coming years.

Your company finally protected and secure.

We offer protection and insurance tailored to your company and your level of risk.
Registration free of charge.

Contact us for more information