Italian Police Disrupt Ransomware Gangs Targeting Nonprofits and NAS

Dismantling of Diskstation Ransomware Gang

Italian police, in collaboration with French and Romanian law enforcement, have successfully dismantled a Romanian ransomware gang known as “Diskstation.” This group targeted civil rights organizations, film production companies, and international nonprofits predominantly in the Lombardy region of Italy. The gang is accused of encrypting victims’ systems and demanding large cryptocurrency ransoms to restore access to their data, as reported by Italy’s Postal and Cybersecurity Police in a statement.

The operation was initiated after numerous companies reported being locked out of their systems. Following a detailed investigation, which included cooperation with international law enforcement, several Romanian nationals allegedly involved in the attacks were identified. Raids in Bucharest led to the seizure of digital evidence and the apprehension of suspects, including the suspected leader, a 44-year-old Romanian man, who is now facing charges of unauthorized access to computer systems and extortion.

According to earlier reports, the Diskstation gang has been active since at least 2021, primarily exploiting vulnerabilities in internet-connected Synology Network-Attached Storage (NAS) devices, commonly used in corporate environments for file storage. The attacks have affected several industries, including graphic design and event management, causing severe disruptions to operations.

Cybersecurity Measures for NAS Devices

The increasing threat from gangs like Diskstation has prompted experts to emphasize the importance of securing NAS devices. Synology has been providing users with guidelines to protect their systems from ransomware attacks. Key recommendations include minimizing internet exposure, strengthening password security, and ensuring regular backups of critical data.

To further enhance security, users are advised to enable two-step verification (2FA) and disable or rename default “admin” accounts, which are common targets for attackers. Furthermore, disabling unnecessary remote services and utilizing Synology’s built-in firewall to restrict access can help mitigate risks.

For ongoing updates and information on preventing ransomware attacks on NAS devices, users can refer to Synology's website.

Recent Developments in Cybercrime

In parallel, European and U.S. law enforcement have disrupted operations of the pro-Russian hacker group known as NoName057(16). The group is infamous for executing large-scale distributed denial-of-service (DDoS) attacks against Ukraine and its allies. This operation, dubbed Operation Eastwood, involved the targeting of over 100 servers used by the group, severely crippling its infrastructure.

Authorities have issued multiple arrest warrants for Russian nationals believed to be leading the group, and over 1,100 alleged supporters have been contacted about potential criminal liability. The group's decentralized model and recruitment strategies, primarily through pro-Russian channels and gaming forums, have contributed to its rapid expansion and operational capabilities.

Conclusion

For businesses and organizations, the threat of cybercrime, particularly from ransomware gangs like Diskstation and hacking groups such as NoName057(16), underscores the necessity of robust cybersecurity measures. Ensuring that systems are updated, adequately protected, and that staff are trained on cybersecurity practices is more crucial than ever.

For tailored cybersecurity solutions and support, explore our services at [Company Name] (company url), and contact us for professional assistance in securing your digital landscape.