Italian rail operator stops ticket sales after suspected cyberattack

Sources have pointed to the HIVE group as the originator of the attack

Image:
Sources have pointed to the HIVE group as the originator of the attack

Italy's state railway operator Ferrovie dello Stato Italiane (FS) temporarily stopped the sale of in-station tickets this week, after finding evidence of a cyberattack on its systems.

Suspicious activity on the company's network indicated an assault similar to those using the CryptoLocker malware.

'Since this morning, elements that could be linked to a Cryptolocker infection have been detected on the computer network of Trenitalia and RFI,' the FS said.

'The network is currently being checked,' it added.

Unnamed security officials told Italian news agency Ansa that the type of attack indicated Russian hackers were likely behind it. It's unclear if the attack is related to the conflict in Ukraine.

As a precaution, FS temporarily shuttered ticket booths and turned off self-service ticketing. However, online sales were functioning normally, and passengers could still buy tickets from the conductor.

FS added that the incident had no impact on train traffic, which was running smoothly.

The network is currently being examined.

Trenitalia told Italian website Cybersecurity360 that some self-services were securely reactivated on Thursday.

A company representative said no ransom letter had been received and the damage was very limited.

The spokesperson added that the commercial network was isolated following the detection of the attack to prevent the ransomware from spreading. They added that FS would only reactivate the network after ensuring that no trace of ransomware is left in the system.

Pierguido Iezzi, CEO of Italian cyber security firm Swascan, told Cybersecurity360 that the HIVE gang was behind the attack.

No other details are currently available on the attack or claims, although it is easy to draw a link with the Ukrainian conflict and, as a result, an attempted attack by Russian hackers.

Cybersecurity agencies in Italy and other countries have previously warned of an increased risk of cyberattacks in retaliation of Italian and European aid to Ukraine.

Last week, Italy's railway networks had serious electronic control system malfunctions, resulting in major delays and train cancellations.

Alstom, which provides mobility solutions to RFI (Rete Ferroviaria Italiana), said a bug in signalling software caused the outage, which was resolved in hours following a technical intervention.

In July last year, a suspected ransomware attack caused more than 600 touchscreen ticketing machines across the north of England to go offline.