Municipal council offices across Italy have had their computer files encrypted by a 'ransomware' virus that is demanding payment in bitcoin.
According to Corriere della Sera, one of the country's top newspapers, dozens of regional office workers are unable to pay bills, issue certificates or access server documents until they pay the digital ransom.
The attackers' fee is currently set at €400 worth of bitcoin, though this amount is said to double after three days.
After launching from a location in St Petersburg, Russia last Wednesday, the virus spread rapidly through the council's computer network through phishing emails. While some machines have been updated with antivirus software to block it successfully, many are still at risk.
How it works
Once the malware gains access to a victim's machine it sends what appears to be an ordinary .pdf file named with a long string of characters to all contacts in their email address book.
On closer examination the file is actually a malicious .exe program. When opened by an unsuspecting co-worker, this program encrypts all .pdf files, photos and Microsoft Office documents on their machine and server, rendering them useless.
After this block is activated, a 'hoax antivirus' invites users to purchase decoding software, providing the step-by-step instructions necessary to complete the procedure.
The hackers behind the attack have even included 'customer support' contact details for those unfamiliar with how to use bitcoin.
"After we paid they also had the audacity to invite us to contact them in case we have other problems," Maria Grazia Mazzolari, a town clerk in Bussoleno, Turin, told the Corriere della Sera.
So far, the stunt appears to be lucrative. Di.Fo.B, an Italian consultancy dealing with cyber crime, says the bitcoin addresses listed by the attackers have received around $100,000 from victims in the last 6 days alone.
In addition, Di.Fo.B expects this figure to rise as public offices still unaware of the virus are targeted.
Ransomware and bitcoin
Although ransomware has been around in various forms since the 1990s, there has been a rise in the number of viruses demanding payment in bitcoin.
The virus targeted small- to medium-sized businesses, and the crime agency said many millions of email accounts were at risk.
After witnessing an influx of UK buyers wishing to secure enough bitcoin to pay the Cryptolocker ransom, trading site BitBargain made the bold decision to block all new users for fear of being involved in money laundering activity.
Although many Cryptolocker victims reported that their files were not returned after payment, an activity the National Cyber Crime Unit does not endorse, some council workers have reported success after paying the attackers' fee in the latest attack.
This article was co-authored by Alex Canciani
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.