Municipal council offices across Italy have had their computer files encrypted by a ‘ransomware’ virus that is demanding payment in bitcoin.

According to Corriere della Sera, one of the country’s top newspapers, dozens of regional office workers are unable to pay bills, issue certificates or access server documents until they pay the digital ransom.

The attackers’ fee is currently set at €400 worth of bitcoin, though this amount is said to double after three days.

After launching from a location in St Petersburg, Russia last Wednesday, the virus spread rapidly through the council’s computer network through phishing emails. While some machines have been updated with antivirus software to block it successfully, many are still at risk.

How it works

Once the malware gains access to a victim’s machine it sends what appears to be an ordinary .pdf file named with a long string of characters to all contacts in their email address book.

On closer examination the file is actually a malicious .exe program. When opened by an unsuspecting co-worker, this program encrypts all .pdf files, photos and Microsoft Office documents on their machine and server, rendering them useless.

After this block is activated, a ‘hoax antivirus’ invites users to purchase decoding software, providing the step-by-step instructions necessary to complete the procedure.

The hackers behind the attack have even included ‘customer support’ contact details for those unfamiliar with how to use bitcoin.

“After we paid they also had the audacity to invite us to contact them in case we have other problems,” Maria Grazia Mazzolari, a town clerk in Bussoleno, Turin, told the Corriere della Sera.

So far, the stunt appears to be lucrative. Di.Fo.B, an Italian consultancy dealing with cyber crime, says the bitcoin addresses listed by the attackers have received around $100,000 from victims in the last 6 days alone.

In addition, Di.Fo.B expects this figure to rise as public offices still unaware of the virus are targeted.

Ransomware and bitcoin

Although ransomware has been around in various forms since the 1990s, there has been a rise in the number of viruses demanding payment in bitcoin.

In November last year – one month before bitcoin’s all-time high – the UK’s National Cyber Crime Unit issued an alert about Cryptolocker, an aggressive breed of ransomware contained in zip files carried by email.

The virus targeted small- to medium-sized businesses, and the crime agency said many millions of email accounts were at risk.

After witnessing an influx of UK buyers wishing to secure enough bitcoin to pay the Cryptolocker ransom, trading site BitBargain made the bold decision to block all new users for fear of being involved in money laundering activity.

Although many Cryptolocker victims reported that their files were not returned after payment, an activity the National Cyber Crime Unit does not endorse, some council workers have reported success after paying the attackers’ fee in the latest attack.

This article was co-authored by Alex Canciani

Image via Shutterstock