Cyber Incident Victim: ELTA
Date: Mar 2022
Location: Greece
Summary
A ransomware attack disrupted services at Greece's public postal service, ELTA, after threat actors exploited an unpatched vulnerability to deploy malware on a single workstation; the malware established an HTTPS reverse shell that gave the attackers initial access to the network. The incident caused widespread outages, halting mail processing, bill payments, financial transactions, parcel tracking, and web labeling systems. While no ransom demand was confirmed, the attackers aimed to encrypt critical operational systems, prompting the organization to isolate its data center and inspect over 2,500 computers for malicious payloads. Customer data exposure remains unverified, though authorities were notified. Services remained unavailable indefinitely, with customers directed to ELTA's unaffected Courier subsidiary during recovery efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 20, 2022, Ελληνικά Ταχυδρομεία (ELTA), Greece’s state-owned postal service, detected a ransomware attack that disrupted its operations. The organization first publicly acknowledged the incident on March 21, attributing ongoing service outages to the cyberattack and confirming its immediate containment response involved isolating the entire data center. By March 22, ELTA released additional technical details, revealing attackers had exploited an unpatched vulnerability to deploy malware on a single workstation. This malware established an HTTPS reverse shell, providing initial access to the network. The attackers’ objective was identified as encrypting systems critical to ELTA’s business operations, though no ransom demand was disclosed in official communications. The organization’s IT teams initiated forensic analysis to trace the intrusion while working to restore services.

The attack caused widespread operational paralysis, halting mail delivery, bill payment processing, and all financial transaction services indefinitely. Customers reported disruptions to parcel tracking and web-based labeling systems via ELTA’s social media channels. Internally, IT personnel conducted security sweeps of over 2,500 computers to remove malicious payloads and prevent reintroduction of threats during network reintegration. ELTA explicitly warned that the initial compromise vector—a single backdoor—could enable lateral movement for renewed encryption attempts if not fully eradicated. While no data breach was confirmed, the organization notified Greece’s consumer data protection authority due to potential exposure of customer names, addresses, and payment details. Service restoration timelines remained unspecified, prompting ELTA to direct customers to its unaffected subsidiary, ELTA Courier, for interim parcel services during the recovery effort.
