Attack on SIAE: hackers blackmail Italian artists

Approximately 60 GB of data have been stolen and encrypted from the SIAE database: hackers demand a 3 million euro ransom in Bitcoin, or they will publish everything

Hackers spare no one, not even artists: according to the news agency AGI, a major attack was carried out overnight against SIAE, the Italian Society of Authors and Publishers, which protects the copyrights of musical, cinematographic and multimedia works. It is not an attack on the website, but a ransomware infection.

Ransomware is the kind of malware that, once it has infiltrated a network, encrypts all the data stored there and makes it unusable by its legitimate owner. The attackers' strategy in these cases is very clear: encrypt the data and then demand a ransom from the victim, who must pay to get the data back. As usually happens in these cases, some of the data is then published on the Dark Web as proof of the "data breach" and to start attracting offers from buyers: if the victim doesn't pay, the encrypted data is not returned and is also sold to other cybercriminals. In the case of the attack on SIAE, according to AGI, some data has already been published.

Hacker attack on the SIAE: what happened

The attack against the Italian Authors' and Publishers' Society reportedly took place just a few hours ago: the notification of the incident to the Postal Police and to the Privacy Authority (both mandatory in these cases) was sent in the morning.

The target is not the organization's website, which is still online and shows no problems, but the database containing the data of the registered authors and artists. The stolen and encrypted data amounts to 60-70 GB, and it contains everything: members' identity documents (driver's licenses, identity cards and passports), the bank IBANs and credit cards to which SIAE pays royalties to copyright holders, and contracts between artists and companies.

SIAE has confirmed to AGI that this is a ransomware attack, that a ransom in Bitcoin worth 3 million euros has been demanded, and that it has notified the Postal Police and the Privacy Guarantor but has no intention of paying the ransom.

Apparently the company was the target of a phishing attempt two weeks ago, so it cannot be ruled out that the two episodes are connected. From the first information available, it is already certain that the attack on the SIAE database was carried out by the hacker collective "Everest", which develops the ransomware of the same name, which in turn is derived from Everbe 2.0.

The Everest ransomware

The Everest malware started circulating very quickly in 2020 and is an offshoot of Everbe 2.0. Once it has infiltrated a computer system, it starts encrypting files. The infection usually starts with a spam email containing an attachment that launches a script, which in turn downloads and installs the malware.

Judging from other attacks carried out by the team that develops this ransomware, paying the ransom is not worthwhile: very often the payment is simply ignored, making it a scam within a scam.

Independent security researchers have developed tools to decrypt files affected by Everest. Their effectiveness, however, is not always guaranteed and, after an attack, the data is usually considered lost. It can be recovered from a backup, but a copy of it will still remain in the hands of the hackers, who will try to sell it on the Dark Web to monetize the attack.