ELTA, the public postal service provider in Greece, revealed a ransomware incident detected on Sunday that still keeps most of the organization’s services offline.
An initial statement about the attack came on Monday, when ELTA announced the cause of a service disruption, saying its immediate response and isolation of the entire data center helped mitigate the impact.
In a new announcement today, the organization shared more details about the incident and updated its customers on the extent of the service disruptions.
Specifically, its IT teams determined that threat actors were exploiting an unpatched vulnerability to drop malware that allowed access to a workstation using an HTTPS reverse shell.
The ultimate goal of the cyberattack, according to today’s press release, was to encrypt systems critical to ELTA’s business operations. The organization makes no mention of a ransom demand.
Bleeping Computer contacted the organization for more details about the attack, but our repeated attempts went unanswered.
Since most ransomware attacks these days come with a data theft component, threat actors may have gained access to customers’ names, addresses, and even payment details, but that has not been confirmed.
The Greek Consumer Data Protection Authority has been informed accordingly, so if there has been a data breach, it will be determined independently.
Interruption of service throughout the country
Currently, ELTA cannot offer postal mail services, bill payment, or the processing of any form of financial transaction order. The organization has no estimate of when these services will be available again.
On ELTA’s Facebook page, users also report problems tracking their packages and not having access to online labeling services.
Currently, the agency’s IT teams are thoroughly examining more than 2,500 computers, installing security software tools and ensuring that all malicious payloads have been rooted out before reintegrating them into the network.
The presence of a single backdoor can allow hackers to access ELTA’s entire corporate network through lateral movement and attempt large-scale encryption again.
Until all systems have been checked and services are back to normal, the agency advised customers to use its subsidiary, ELTA Courier, instead, which was not impacted by the cyberattack.