Greece’s public postal service, ELTA (or Hellenic Post S.A.), has been forced offline due to a ransomware attack affecting the majority of the organization’s services, including mail post, bill payments, and processing of financial transaction orders.
“For reasons of prevention and security, and until all the necessary actions are completed, it was decided to isolate the entire data center of the company. Therefore, we announce the temporary suspension of the commercial information system of all post offices,” ELTA said in a statement.
ELTA’s IT team has determined that threat actors exploited an unpatched vulnerability to install malware with the goal of encrypting its business-critical operations. The ELTA services disrupted included mail post, bill payments and financial transaction order processing.
It remains unclear precisely what types of data have been seized by the threat actors. Hence, it remains possible that customer names, addresses and financial information have fallen into the wrong hands.
Evaluating the situation and the wider impact for Digital Journal is JP Perez-Etchegoyen, CTO at Onapsis.
Perez-Etchegoyen sets out what happened with the attack: “Reports suggest that threat actors targeted ELTA with the objective of encrypting business-critical systems, underlining just how crucial it is for organizations to prioritize vulnerability identification and management.”
The impact was considerable, says Perez-Etchegoyen, noting: “Business-critical systems house an array of important, confidential information, including that of customers, products and employees. This makes them highly common targets for cybercriminals hoping to disrupt day-to-day processes and hold this data for ransom.”
Lessons can be learnt from this incident, says Perez-Etchegoyen: “Organizations must be proactive in closing gaps in these systems by prioritizing business-critical application security and vulnerability management.”
There are protective measures that can be adopted, which Perez-Etchegoyen spells out: “To protect these valuable systems from ransomware, enterprises must monitor all systems crucial for business operations for any cyber threats, including missing patches, broad authorizations, insecure integrations or misconfigurations, and immediately apply all relevant mitigations.”
Perez-Etchegoyen concludes by advising: “With these precautions, companies can help ensure that IT environments remain secure and critical business operations are efficient and dependable.”