Attack On The SIAE: Hackers Blackmail Italian Artists

About 60 GB of data was stolen and encrypted from the SIAE database: hackers demand a € 3 million ransom in Bitcoin or publish it all.

The hackers do not spare anyone, not even artists: the agency has learned of AGI press, in fact, on the night there was a powerful hacker attack against the SIAE, the Italian Society of Authors and Publishers, which protects the rights of ‘author for musical, cinematographic and multimedia works. This is not an attack on the site but a ransomware-type virus.

That type of virus, which once infiltrates a network, proceeds to encrypt all the data stored in it, making them unusable by the legitimate owner. In these cases, the hackers’ strategy is obvious: encrypt the data and then ask the victim for an economic ransom, making him pay to get back the data. As usually happens in these cases, some of the encrypted data is published on the Dark Web as evidence of the ” data breach ” and begin receiving purchase offers.

If the victim does not pay, in fact, not only does he not get the encrypted data back, but the data is also sold to other cybercriminals. In case of a hacker attack on the SIAE, from what has been learned from the AGI, the publication of some data has already taken place.

Hacker Attack On The SIAE: What Happened

The hackers’ attack against the Italian Society of Authors and Publishers would have occurred a few hours ago. The communication that happened to the Postal Police and the Privacy Authority (both mandatory, in these cases) was sent in the morning.

Under attack is not the institution’s website, which is still online and does not show any problems, but the database containing the data of the authors and artists registered. The stolen and encrypted data would amount to 60-70 GB, inside there would be everything: identity documents of the members (driving licenses, identity cards, and passports), bank IBANs, and credit cards on which the SIAE pays the due to copyright holders, contracts between artists and companies.

The SIAE confirmed that it is a ransomware attack on the AGI, which was asked for a ransom in Bitcoin for a value of 3 million euros, which has warned the Postal Police and Privacy Guarantor but has no intention of paying the ransom.

Two weeks ago, the company had been the subject of a phishing attempt; it is not excluded that the two episodes are connected. From the first available information, it is already certain that the hacker collective ” Everest, “which develops the homonymous ransomware, in turn, derived from Everbe 2.0, attacked the SIAE database.

Everest Ransomware

The Everest computer virus started circulating very quickly in 2020 and was born from a rib of Everbe 2.0. After being infiltrated into a computer system, he starts encrypting files. Usually, the infection starts from a spam email containing an attachment that launches a script, which downloads and installs the virus.

From experience gained during other attacks carried out by the development team of this ransomware, it is not convenient to pay the ransom: the payment is often ignored; it is a scam within a scam.

Independent security researchers develop tools to decrypt files affected by Everest. Their effectiveness, however, is not always guaranteed, and, after being attacked, data is usually considered lost. They can be recovered from a backup, but a copy of them will remain in the hands of hackers who will try to sell it on the Dark Web to monetize the attack.

Also Read: Microservices Deployment Patterns