Major international events aren’t just sporting celebrations. They are global showcases, complex infrastructures, and, increasingly, strategic targets for hostile cyber operations.
In the run-up to the Milan-Cortina 2026 Winter Olympics, Italy has entered a phase of unprecedented digital exposure , where the risk of ransomware affects not only private companies, but also institutions, supply chains, hospitality facilities, and essential services.
In early February 2026, Italian authorities confirmed a series of coordinated cyberattack attempts , attributed to pro-Russian groups, against embassies, hotels, and systems connected to the Olympic event. The attacks were foiled, but they were far from random.
The context of the attack: why Milan-Cortina is an ideal target
According to ANSA and the Ministry of Foreign Affairs of Italy, the intrusion attempts detected between February 2 and 6, 2026, involved diplomatic infrastructure, hotel facilities, and information systems indirectly linked to the organization of the Games. The goal was not only technical sabotage, but also reputational and operational instability.
Investigative sources indicate the involvement of the NoName057(16) collective, already known for DDoS campaigns and disruptive activities against European countries. In these cases, ransomware represents the natural evolution: no longer just blocking, but monetizing and blackmailing.
As also underlined by L’Espresso, the critical element is the extended attack surface:
- IT suppliers,
- hospitality,
- transportation,
- ticketing,
- logistics
- digital communication.
Every weak link can become an entry point.
From cyber threat to ransomware risk
Many of the preliminary attacks tied to major events don’t immediately manifest as ransomware. They begin with network scans, targeted phishing attacks targeting operational personnel, and compromised third-party vendor credentials.
This silent phase is the most dangerous. According to CISA , attackers can remain within a network for over 90 days before activating final encryption.
In the case of Milan-Cortina, the goal would not have been to immediately shut down the central Olympic systems, but to affect collateral infrastructure: hotels, transportation, local digital services. A widespread disruption, even if fragmented, would have had a huge impact on the perceived safety of the event.
The institutional response: containment and prevention
The Italian authorities responded swiftly. The National Cybersecurity Agency of Italy strengthened monitoring and deployed dedicated teams in Milan and Cortina d’Ampezzo , in coordination with national CERTs and international partners.
Foreign Minister Antonio Tajani confirmed that the attacks were intercepted before causing operational damage , a sign of growing maturity in defense, but also of a concrete and persistent threat.
However, as is often the case, institutional protection does not automatically cover the private sector. Many SMEs involved in the Olympic supply chain do not have structured plans to deal with a ransomware crises, nor verified and truly isolated backups. In a scenario of high media exposure, even a single incident can generate a domino effect that is difficult to contain.
This is where the real systemic risk emerges.
The role of companies: preparation or exposure
Companies operating around major events tend to focus on business continuity and delivery. Cybersecurity is often perceived as an incidental cost until it becomes an emergency.
According to NIST , organizations without a tested incident response plan take up to 60% longer to recover systems after a ransomware attack.
As Andrea Baggio, CEO of HelpRansomware , points out:
“Big events amplify existing mistakes. Ransomware doesn’t target those in the spotlight, but those who aren’t prepared to defend themselves when the spotlight turns on.”
Case analysis: what would have happened without containment
Analyzing similar scenarios (Tokyo Olympics, FIFA World Cup, Expo), a recurring pattern emerges:
- initial access via phishing or compromised provider;
- lateral movement towards critical systems;
- data exfiltration;
- selective encryption;
- ransom demand with threat of public leak.
In the context of Milan-Cortina, even a single successful attack on a hotel chain or a local IT service could have caused cancellations, information blackouts and triggered a real ransomware reputational crisis, amplified by international media attention and geopolitical pressure.
According to Juan Ricardo Palacio, CoFounder & CEO America of HelpRansomware:
Ransomware today is a tool of geopolitical pressure. It’s not necessary to strike at the heart of the system: just destabilize the margins.
Lessons learned and operational recommendations
This case demonstrates that defense cannot be merely reactive. A structured approach is needed that includes:
- dedicated ransomware response plans;
- offline backups tested;
- continuous staff training;
- supplier control;
- attack simulations.
Companies that work with high-exposure events should consider cybersecurity as an integral part of operational risk, just like physical security. This means investing in concrete policies, data protection, network segmentation and regularly tested response procedures.
For more information on prevention and response strategies, you can consult HelpRansomware’s internal resources on ransomware , protection and recovery , which are specifically dedicated to highly critical scenarios.
Milan-Cortina as a testing ground
The foiled attacks of February 2026 are not an isolated incident, but a clear signal. Ransomware has firmly entered the major events landscape as a tool for pressure, sabotage, and profit.
Milan-Cortina represents a test for Italy, but also an opportunity: to demonstrate that preparation, coordination, and digital resilience can make the difference between a predicted crisis and an averted accident.
At HelpRansomware, we work on these scenarios every day, supporting companies and institutions with prevention, response, and recovery. Because when the target is large, preparation isn’t an option: it’s a responsibility.
