Italian city of Palermo shuts down all systems to fend off cyberattack

The municipality of Palermo in Southern Italy suffered a cyberattack on Friday, which appears to have had a massive impact on a broad range of operations and services to both citizens and visiting tourists.

Palermo is home to about 1.3 million people, the fifth most populous city in Italy. The area is visited by another 2.3 million tourists every year.

Although local IT experts have been trying to restore the systems for the past three days, all services, public websites, and online portals remain offline.

According to multiple local media outlets, the impacted systems include the public video surveillance management, the municipal police operations center, and all of the municipality’s services.

It’s impossible to communicate or request any service that relies on digital systems, and all citizens have to use obsolete fax machines to reach public offices.

Moreover, tourists cannot access online bookings for tickets to museums and theaters (Massimo Theater) or even confirm their reservations on sports facilities.

Finally, limited traffic zone cards are impossible to acquire, so no regulation occurs, and no fines are issued for relevant violations. Unfortunately, the historical city center requires these passes for entrance, so tourists and local residents are severely impacted.

Ransomware or DDoS?

Italy recently received threats from the Killnet group, a pro-Russian hacktivist who attacks countries that support Ukraine with resource-depleting cyberattacks known as DDoS (distributed denial of service).

While some were quick to point the finger at Killnet, the cyberattack on Palermo bears the signs of a ransomware attack rather than a DDoS.

The councilor for innovation in the municipality of Palermo, Paolo Petralia Camassa, has stated that all systems were cautiously shut down and isolated from the network while he also warned that the outage might last for a while.

This is a typical response to a ransomware attack, with networks being taken offline to prevent the malware from spreading to more computers and encrypting files.

If this cyberattack turns out to be ransomware, the gang responsible for it might have managed to steal data to conduct double-extortion, which commonly accompanies these attacks.

In that case, Palermo could face the prospect of a severe data breach affecting a large number of individuals and potentially also incurring fines for GDPR violations.

Bleeping Computer has reached out to the company that responded to the incident and currently performs the IT services restoration, SISPI, and we will update this post as soon as we receive a response.

Italian city of Palermo shuts down all systems to fend off cyberattack