Greece’s national postal service restoring systems after ransomware attack

Greece’s national postal service, ELTA, said it is in the process of fully restoring its systems following a ransomware attack that took place on Sunday night. 

ELTA – also known as the Hellenic Post – said in a statement on Thursday that the “complete restoration of the company's systems is evolving according to its plan.”

“From today, Thursday 24 March, ELTA branches will now provide financial services, including the collection of bills, the sending of simple mail, small packages and the sale of philatelic products,” the organization said. 

“In addition, ELTA Courier will serve the shipment of parcels abroad. ELTA also informs the public that from next Monday, March 28, pension payments will be paid throughout the country, based on their estimated payment times. ELTA will continue to report responsibly on the progress of the full rehabilitation plan and related work.”

ELTA has released multiple updates on the situation after reporting on Monday that it was struggling to deal with a ransomware attack they discovered on Sunday evening. Officials immediately notified law enforcement and hired an IT security firm to help with the recovery process. 

They isolated all ELTA data centers and suspended the commercial information systems of all post offices. 

The service is the largest retail and logistics network in the country, with about 7,000 employees and more than 1,400 physical locations. 

By Tuesday, ELTA provided more information about what happened, explaining that the attackers sought to encrypt their systems by installing ransomware on a workstation using a  “HTTPS reverse shell technique.” ELTA said the threat actors managed to exploit an unpatched vulnerability during the attack. 

“In order to solve this technically difficult project, more than 2,500 terminal systems were examined one by one for IT security reasons, while agents programs have also been installed,” they said.  

“[On] Tuesday 22 March, the distribution of mail and parcels will be done normally, but the stores will not serve the collection of bills, the sending of mail and financial services. However, all these functions, except the financial ones, will be normally served by ELTA Courier, as this event is not related to its operation.”

Greek news outlet Kathimerini reported on Wednesday that the Communications Privacy Protection Authority (ADAE) has asked for a report on the attack but security officials told them that no sensitive data was breached.

Dozens of people took to the organization’s Facebook page to report issues with a wide variety of services throughout the week. 

ELTA did not respond to requests for comment about whether the data of customers was accessed during the attack.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.