Cyber Incident Victim: Hellenic Public Properties Company
Date:
Nov 2023
Location:
Greece
Summary
The Hellenic Public Properties Company (ETAD) experienced a ransomware attack where hackers encrypted systems and demanded payment, though the organization refused negotiations. ETAD activated emergency protocols, including isolating affected systems to contain the malware, and relied on backups and independent servers to restore operations gradually. The company confirmed its systems were operational post-attack, denying claims of broader impacts on linked entities, and emphasized its upgraded security measures following a prior ransomware incident at another Greek institution. Cyber insurance coverage was utilized to mitigate damages, with restoration efforts ongoing and relevant authorities notified.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 8, 2023, the Hellenic Public Properties Company (ETAD) detected a ransomware attack that compromised its systems. The attackers encrypted organizational data and were suspected of exfiltrating sensitive information to pressure ETAD into paying a ransom. Upon discovery, ETAD immediately shut down affected systems to contain the malware’s spread and prevent further operational disruption. Company officials confirmed they had activated established emergency protocols for cyber incidents, which included reliance on regularly maintained backups stored on independent servers. ETAD declined to disclose specific ransom demands or engage in negotiations with the threat actors, emphasizing a policy against capitulating to extortion. The organization stated its operations experienced limited disruption due to these containment measures, with gradual restoration of services underway shortly after the attack.
ETAD publicly denied rumors that the incident impacted systems belonging to the Greek Superfund, clarifying that all its infrastructure remained operational following security audits confirming no broader compromise. The company attributed its effective containment response to recently upgraded security systems, which were enhanced after analyzing prior ransomware attacks against other Greek public sector entities like Hellenic Post (ELTA). ETAD highlighted its preexisting cyber insurance policy as part of a risk mitigation strategy covering potential digital extortion and recovery costs. Restoration efforts prioritized reactivating core functions while maintaining communication with relevant government ministries regarding the incident’s scope and recovery progress. No data leaks or additional attacker activity were reported following the initial containment.