Hellenic Post (ELTA) Suffers Ransomware Attack

Hellenic Post, also known as ELTA, has been targeted by the ransomware group vicesociety, resulting in a significant disruption to their operations. The attack was first detected on Sunday and has forced the organization to pull a majority of its services offline. ELTA is a state-owned provider of postal services in Greece, operating in the Consumer Services sector. The company has been working to restore its systems after the ransomware attack, which was initially thought to be a simple malware attack but later identified as a targeted ransomware attack aimed at encrypting critical systems.

The attack originated from a workstation on ELTA's network and utilized the HTTPS reverse shell technique to establish a connection to the attacker's computer, thereby allowing the attacker to gain interactive shell access for arbitrary command execution. The company is currently examining more than 2,500 computer systems and installing fresh programs to address security issues.

The ransomware attack has caused significant disruption, with the temporary suspension of all commercial information systems of all post offices throughout the country. This incident has also affected the sending of packages, letters, and parcels, causing delays in the payment of pensions. ELTA has not yet disclosed the size of the ransom or any specific vulnerabilities that may have contributed to the attack. However, the company has isolated its entire data center and taken immediate precautions to prevent further damage.

The ransomware group vicesociety has claimed responsibility for the attack on the dark web leak site. The group is known for its targeted attacks on various industries, including the industrials sector, which continues to be the most frequent victim of ransomware. The attack on ELTA is part of a broader trend of ransomware attacks in Europe and North America, with both regions seeing a similar number of victims of double-extortion ransomware attacks.

Sources

• Greece's public postal service offline due to ransomware attack
• Greece's national postal service restoring systems after ransomware attack
• Ransomware Attack Disrupts Greek Postal Services
• Greek Post Restarts Services After Cyber-Attack Downs System