vicesociety attacks Hellenic Post (ELTA)
Incident Date:
May 4, 2022
Overview
Title
vicesociety attacks Hellenic Post (ELTA)
Victim
Hellenic Post (ELTA)
Attacker
Vicesociety
Location
First Reported
May 4, 2022
Hellenic Post (ELTA) Suffers Ransomware Attack
Hellenic Post, also known as ELTA, has been targeted by the ransomware group vicesociety, resulting in a significant disruption to their operations. The attack was first detected on Sunday and has forced the organization to pull a majority of its services offline. ELTA is a state-owned provider of postal services in Greece, operating in the Consumer Services sector. The company has been working to restore its systems after the ransomware attack, which was initially thought to be a simple malware attack but later identified as a targeted ransomware attack aimed at encrypting critical systems.
The attack originated from a workstation on ELTA's network and utilized the HTTPS reverse shell technique to establish a connection to the attacker's computer, thereby allowing the attacker to gain interactive shell access for arbitrary command execution. The company is currently examining more than 2,500 computer systems and installing fresh programs to address security issues.
The ransomware attack has caused significant disruption, with the temporary suspension of all commercial information systems of all post offices throughout the country. This incident has also affected the sending of packages, letters, and parcels, causing delays in the payment of pensions. ELTA has not yet disclosed the size of the ransom or any specific vulnerabilities that may have contributed to the attack. However, the company has isolated its entire data center and taken immediate precautions to prevent further damage.
The ransomware group vicesociety has claimed responsibility for the attack on the dark web leak site. The group is known for its targeted attacks on various industries, including the industrials sector, which continues to be the most frequent victim of ransomware. The attack on ELTA is part of a broader trend of ransomware attacks in Europe and North America, with both regions seeing a similar number of victims of double-extortion ransomware attacks.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.