Despite being one of the oldest attack methods, turning 36 this year since it first claimed victims, ransomware is still widespread and very frightening.
Italy, according to ACN, the National Cybersecurity Agency, is the third country in the European Union, after Germany and France, most affected by ransomware attacks and the sixth globally.
The favorite victims of cybercriminals are small and medium-sized enterprises, especially in the most productive northern area of the country and, in particular, those companies where a cybersecurity culture adequate to the current risk has not yet developed.
The situation is so serious that it poses a risk to national security, as highlighted by the 2025 Information Security Policy Report, since ransomware attacks are also increasingly being used for espionage and sabotage purposes by state-linked entities.
For these reasons, Italy’s regulatory landscape against cyber attacks is likely to soon be equipped with another tool: a new bill that was presented last March 20 in the Chamber of Deputies under the signature of Matteo Mauri (Pd) and that aims to strengthen our country’s defensive structure against cyber attacks and ransomware in particular.
At the heart of the bill, which consists of a single article delegating the government to act through legislative decrees within six months, is a ban on ransom payments and a requirement that the CSIRT be notified within six hours. In addition, there are intelligence measures, a national task force, and a fund for affected companies.
Specifically, these are the nine basic guidelines set out in the bill.
- Ban on ransom payment for those included in the Cybersecurity National Security Perimeter. The ban may be waived only by an act of the Prime Minister when there is a serious risk to national security.
- Requirement to notify CSIRT Italy within six hours of discovering a ransomware attack, with administrative penalties for non-compliance. The CSIRT must in turn notify the Postal Police, supervisory authorities (DORA) and, if relevant, the Ministry of Defense as well.
- Qualifying the attack as a national security threat and allowing the Prime Minister to activate cyber intelligence measures even in the absence of an overt crisis.
- Undercover law enforcement activities including on computer networks abroad for investigation of computer crimes.
- ACN National Action Plan, with operational and preventive measures to support victims, particularly SMEs and local public administrations (PAs). Actions include: assistance in managing the attack, containment, restoration of systems, and evaluation of alternatives to ransom payment.
- Establishment of a national anti-ransomware task force at CSIRT Italy, with functions of operational coordination, information sharing and victim support.
- Economic incentives to ACN for implementing the planned measures.
- Creation of the “National Fund for Response to Ransomware Attacks,” intended to support public and private entities in providing even partial compensation for economic losses incurred as a result of an attack. Access to the fund will be possible only for those who can prove that they have properly notified the incident and followed the operational guidelines of the ACN.
Ransomware: history and development of the prince of attacks
It was 1989 when, during an AIDS conference, a biologist named Joseph Popp distributed to attendees a floppy disk containing ransomware called PC Cyborg Trojan, later renamed AIDS Trojan. It encrypted file names on the victim’s disk and demanded a ransom of $189.
That’s how ransomware was born 36 years ago. Since then it has steadily evolved, reaping more and more victims and becoming one of the web’s leading bogeymen.
This is malware that infects computers and makes data inaccessible with the goal of demanding a ransom to restore it. As the name itself says: in English, “ransom” means precisely the payment demanded to release something.
The threat generally arrives via e-mails, disguised as official communications, that prompt users, usually employees or contractors of a company or organization, to download attachments or click on a link. This action installs software that acts in the background and bars the user from accessing files on the targeted computer by encrypting them.
From the point of view of criminals, this is relatively easy, profitable and therefore very attractive.
For companies, on the other hand, the damage is enormous because, in addition to the ransom itself, victims have to factor in the interruption of their activities, the loss or damage of data, which often is not restored despite payment of the ransom, and, finally, the damage to their reputation.
According to the new Ransomfeed report, which offers a detailed analysis of ransomware trends globally, ransomware claims worldwide in the second quarter of 2024 totaled 1,747.
Of these, 58 involved Italy, amounting to just over one ransomware attack every two days, an increase of nearly 100 percent over the second four-month period of 2022.
The economic burden of cyber attacks
The average cost of a data breach in Italy, according to IBM’s recent Cost of a Data Breach Report 2024, reached 4.37 million euros.
The manufacturing, healthcare and public services sectors are among the most affected. The increase in attacks has made the fragility of Italy’s digital infrastructure even more apparent.
Despite the growth and increased sophistication of attacks, what emerges from the researchers’ reports is a worrying lack of awareness of cyber threats, both among companies and public institutions.
An awareness gap that results in inadequate responses and delays in taking effective security measures.
In addition to the damage, there is also the fine
In Italy, in addition to the aforementioned damages, ransomware victims are also subject to penalties under a measure issued in 2022 by the Italian Data Protection Authority. A warning to organizations that they must better equip themselves for data protection and cyber risk management.
How to defend yourself
To defend against these kinds of attacks, technical measures are certainly useful.
Among these, the most important are backup strategies, proper management of authentication credentials, and the installation of monitoring and intrusion-detection systems to quickly spot any “contagion.”
However, since ransomware is a method of attack that exploits the human element by leveraging vulnerability, distraction, emotion and, in general, a lack of proper digital posture, it is imperative that companies and organizations today invest in high-quality, continually updated training that includes hands-on exercises and customized courses.
The goal is to transform the “human factor” from a weak link in the chain to the first factor of defense.