Students up to sixth grade are back in class, but a ransomware attack has hit the electronic register provided by the Italian company Axios. All the details
The return to school for 5 million students has been marked by a ransomware attack that has sent the electronic school register haywire in many classes.
Since 3 April, the platform provided by the company Axios Italia Service Srl has had a series of malfunctions.
The cloud-based application, also accessible via the app, which records absences, grades, judgments, lecture topics and other daily annotations, was the target of a cyber attack.
"Following the attack suffered by our platform, we send below the instructions to manage the emergency log of the protocol," said Axios, referring to the cyber attack.
According to well-informed sources, the hackers have asked for a ransom in bitcoin for the tens of thousands of stolen files. Axios filed a complaint with the Rome Postal Police. No essential data has reportedly been lost.
The Italian company promises that all functions will be restored by tomorrow, but it may be Monday 12 April before that happens.
All the details.
ABRUPT RETURN TO SCHOOL FOR STUDENTS AND PROFESSORS
The Axios Italia company has confirmed the impasse of the electronic register which many professors, parents and students only noticed on 6 April, on the day of the return to face-to-face teaching in many areas.
The disruption to the electronic register of the school is due to an increasingly widespread computer virus that makes data inaccessible and demands the payment of a ransom to restore it.
ELECTRONIC REGISTER AND MORE, WHAT AXIOS ITALIA DOES
Axios Italia is the company that develops software for the management of the school office. Axios provides online secretarial services to 40% of schools in our country, so the problems are rather widespread. The program has not been functioning properly since last Friday, as confirmed by Stefano Rocchi, sole director of Axios Italia Service, in an interview on 6 April with Giornalettismo.
THE HACKER ATTACK
The problems with the platform date back to last weekend and are reportedly the result of a hacker attack suffered in the night between Friday and Saturday.
Axios itself describes the attack as being of the "ransomware" type: the increasingly widespread malware that restricts access to the infected device and demands a ransom (often in bitcoin) to restore normal operation.
“Friday night, around 2am, we suffered a latest-generation ransomware attack,” Rocchi told Giornalettismo, “released for the first time on March 21st, with the various security systems updated against this ransomware on Saturday morning. With much bad luck, we were attacked the previous night, when our security systems still didn't know it. There was no data loss, nor did anything come out of our archives. Unfortunately the infrastructure went down and we have been working on this since Saturday morning.”
"In the meantime, we are waiting for the report from Aruba (which hosts the electronic registry service) to understand how this attack was different from the others and where they entered from," added Rocchi.
RANSOM DEMANDED IN BITCOIN
On the evening of April 7, news arrived of a bitcoin ransom demanded by the cyber pirates.
AXIOS ASKED FOR SUPPORT FROM MOMIT SRL AND SWASCAN SRL
Axios therefore asked for the help and support of two expert IT security companies, Momit Srl and Swascan Srl, one of which works for the American army, Corriere stressed.
THE COMPLAINT TO THE POSTAL POLICE
On April 6, the company filed the complaint with the postal police.
NO EXFILTRATED DATA
"And the two companies have drawn their conclusions: no data has been deleted, nor released from the systems," writes the Corriere.
WHAT DATA THE REGISTER CONTAINS
"The online electronic register, in fact, contains attendance and absences of students, their assessments, as well as the assignment of tasks, the provision of various didactic resources, including multimedia, but also communications for students and families".
THE COMPANY'S POSITION
The company apologizes "for the inconvenience caused". It also gives assurance that "from the investigations carried out at the moment, there are no data losses and/or exfiltrations".
The company has therefore provided users with instructions for managing the emergency register of the protocol, attaching "the facsimiles of the models to be used both for opening the register and for its compilation and closure".
NOTIFICATION TO THE PRIVACY GUARANTOR NOT DEEMED NECESSARY
The company told school managers that "there are no reasons why it would be necessary, pursuant to Article 33 paragraph 1 of EU Regulation 2016/679 (Gdpr), to notify the Guarantor for the Protection of Personal Data, since there are no risks for the rights and freedoms of individuals".
Under the GDPR, Axios could in fact face penalties if it fails to comply with the data breach notification process.
Finally, the company added that, for the same reasons, “it is not even considered necessary to notify the interested parties (pupils, parents, staff, etc.), pursuant to Article 34 of EU Regulation 2016/679”.
But the electronic register will still be out of use for a few days.
This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/axios-che-cosa-e-successo-al-registro-elettronico-delle-scuole/ on Thu, 08 Apr 2021 11:20:08 +0000.