2 min

Tags in this article

, , , ,

Ransomware group LockBit claims to hold 78GB of private information on Italian companies. According to the cybercriminals, the data was stolen in a cyberattack on the Italian tax authority.

The IT partner of the tax authority investigated the claim. On Monday 25 July, a spokesperson told Bloomberg that there were no indications of a cyberattack.

The statement is striking, as LockBit isn’t known for false claims. According to research by NCC Group, the ransomware group was responsible for 40 percent of all known ransomware attacks in May 2022.

The Italian tax authority is part of the Ministry of Economy. The ministry released a statement saying the investigation is ongoing. That was the last update. While it’s possible that the IT partner couldn’t find any indiciations, there seems to be more to the claim than meets the eye.

One of the largest

LockBit claimed the dataset contains 78GB of “documents, scans, financial reports and contracts” in an announcement on the darkweb. LockBit states that the Italian tax authorities has five days to transfer an undisclosed amount of money. The ransomware group threatens to leak the dataset if the payment comes in later than 31 July 05:15 (UTC).

The content of the dataset has not been verified. LockBit claims that a sample of the database will be released shortly. Until then, the truth is out of reach. We don’t know whether the Italian government is in contact with LockBit. If the claim is true, Italy faces one of the biggest cyber incidents in its national history.


LockBit came to light in 2019. The ransomware group actively develops an advanced malware variant. The third version appeared recently.

LockBit maintains a professional approach. The ransomware group announced a public bug bounty initiative to improve its malware. According to LockBit, security experts receive rewards ranging from €1,000 to €1,000,000 for finding and reporting bugs.

Tip: Ransomware is an APT, so you should treat it as such