June 6 — In Italy, the City of Palermo has suffered a cyber attack. Media outlets report that affected systems include public video surveillance management, the municipal police operations center, and the entirety of the city’s municipal services.
Citizens cannot communicate or request any service that depends on digitally connected systems. All citizens have been instructed to use fax machines to reach public offices.
In addition, tourists cannot book museum or theater tickets online, or confirm reservations for sports arenas. Further, limited traffic zone cards are impossible to obtain, meaning that the city cannot issue violations for certain traffic violations.
Councilor for innovation in the municipality, Paolo Petralia Camassa, states that all systems were temporarily taken offline and isolated from the network in order for experts to evaluate issues. Camassa also warned that the outage might last for a while.
Disconnecting systems is a standard response to a ransomware attack. It can prevent an attack from spreading across devices and a network (or networks).
Cyber security professionals state that if the attack proves to have stemmed from ransomware (as currently believed), those responsible for it might have managed to steal data for double-extortion purposes.
On account of the attack, Palermo could find itself cleaning up a severe data breach, which may affect a large volume of citizens and lead to GDPR-related penalties.