THE IT systems belonging to Italian State Railways (FS) and its subsidiaries Trenitalia and Italian Rail Network (RFI) suffered a major ransomware cyber-attack on March 23, which disrupted ticket sales at stations and passenger information screens, and affected tablets used by railway staff.

As a precaution, Trenitalia blocked the accounts of some passengers and shut down many of its IT services, including ticket sales at stations, although passengers were still able to buy tickets online. Passengers who had not been able to purchase tickets were allowed to buy them onboard from the conductor without penalty. FS was unable to update passenger information screens at stations.

Rail freight operator Metrans published a short message on its website on March 24. “This event caused a complete suspension of all trains. We are monitoring the situation and our customer service colleagues will inform you about the impact on your shipments.” 

IT services started to return to normal on March 24, but the RFI website still has the following message: “For problems external to RFI's IT network, the real-time information services on www.rfi.it are not currently available.” 

The Rome Prosecutor’s Office has launched an investigation into the attack, while FS is working with Italy’s national cyber security agency and the police to try to identify the attacker.