Computer Virus Wreaks Havoc in Italian Administrations, Ransom Paid in Bitcoin

Journalist:
October 22, 2014

The computer systems of tens of local administrations in Italy have fallen to a “ransomware” computer virus that encrypts stored files and requests payment in Bitcoin for the decryption keys. The ransom is 400 Euros, and it doubles after three days.

Also read: Surge in Ransomware Likely Due to Bitcoin

Administration officers at Bussoleno, a small town in Northern Italy, could only recover important files by acquiring Bitcoin and paying the ransom. According to a story posted to Reddit, this is the first time a nation state is forced to acquire Bitcoin.

That is not entirely true, since the officers used their own money to buy bitcoins and pay – or perhaps they used bitcoins that they already had – and now they are thinking of how to justify the expense and claim a reimbursement. But the episode was certainly a shocking introduction and a “Bitcoin 101” course for the Italian administration, and perhaps something good will come out. Maria Grazia Mazzolari, Bussoleno’s Secretary, said:

“After we paid, they even had the impudence to invite us to contact them in case of other problems.”

The officers were shocked by finding out that there is no way to trace a Bitcoin address back to its owner. The IT consulting firm Digital Forensics Bureau (Di.Fo.B) could only discover that the criminals collected more than 100,000 dollars in five days. For those who read Italian, here is the Di.Fo.B report.

More than 40% of Victims Pay the Ransom

The TorrentLocker virus, which apparently came from St. Petersburg, Russia, is a variant of CryptoLocker. It propagates via infected email attachments and encrypts files using RSA public-key cryptography, with the private key stored only on the malware’s servers. When the user tries to open a file that has been encrypted by the virus, a message offers to decrypt the data for payment in Bitcoin.

In December 2013 ZDNet reported that four Bitcoin addresses posted by users who had been infected by CryptoLocker showed movement of 41,928 BTC between 15 October and 18 December, about US$27 million at that time. A survey by researchers at the University of Kent found that 41% of British victims decided to pay the ransom, a figure much larger than expected.

What do you think? Comment below!

Images from Shutterstock.

Last modified (UTC): October 22, 2014 08:46

Tags: ransom
Giulio Prisco @giulioprisco

Science writer, software developer, Bitcoin/crypto enthusiast.