The City of Palermo Relies on Arcserve Backup and Recovery Solution Following Ransomware Attack


A quick online search using the string “City of Palermo ransomware attack” yields pages of headlines. Many note that the Vice Society gang was behind the double-extortion ransomware attack. In a double extortion attack, the cybercriminals encrypt data like a typical ransomware attack, extracting payment from victims to get it back. It adds insult to injury by exfiltrating and exposing sensitive data and demanding further payment. This attack vector is becoming much more common, with the number of double extortion attack victims growing by 935 percent in 2021.

The attack on Palermo in June brought down its “entire telematic infrastructure,” according to a translated release issued by the city. That included all of its workstations at its various municipal offices, completely interrupting all city services, including police operations and public video surveillance management.

The city refused to pay the attacker’s ransom demand, instead attempting to restore its systems manually. That’s when Vice Society issued the second threat of its double-extortion plot, letting the city know that the stolen documents would be published if they didn’t pay up. As of this writing, the city hasn’t specified the data taken.

Backups Corrupted in Ransomware Attack

The press release issued by the city noted that some of its backups were corrupted in the attack. The city’s Veeam server was unavailable, as was its VMware infrastructure. The release pointed out that the city relied on its Arcserve recovery solution and the remaining accessible data from its Oracle database and NetApp storage in its initial recovery efforts.

For Palermo, recovery has involved creating a private network available to only a small number of verified workstations. While the city hasn’t issued any recent updates, its next step is to re-install basic infrastructure and then try to restore workstations before adding them to the network.

Palermo confirmed the attack and notified data protection authorities shortly after the attack on June 2, per GDPR. The city could still be required to pay GDPR fines for failing to prevent the data breach by having proper protections in place.

Arcserve: Palermo’s Last Line of Defense

While the details of Palermo’s recovery are still unfolding, it’s important to note that its prevention measures weren’t effective, and some of its backups were corrupted. But the Arcserve solution’s data protection capabilities let the city begin recovery immediately.

Vice Society has also attacked supermarket chain Spar, the Medical University of Innsbruck, a small school district in Iowa, and many other organizations. So you can expect more attacks to make headlines in the future.

How do you choose the best way to ensure your organization can recover from a ransomware attack? First, put proper data protections in place. Then select a backup and recovery solution that safeguards your data by placing it in an immutable object store. Immutable backups can’t be altered or deleted, even if ransomware does get to your backups.

For guidance in choosing the optimal data protection, backup, and disaster recovery solution for your organization, talk to an Arcserve technology partner. To learn more about Arcserve products, check out on-demand demos.

You May Also Like