The cyberattacked started from a zero-day malware installed on a workstation
A hacking group attacked the Hellenic Post and managed to shut down the central postal system in Greece for almost two days. The Hellenic Post faced a cyberattack on their information systems through malicious software installed by the hackers, who then even demanded the payment of ransom.
“It was determined that the targeted cyberattack aimed at encrypting the critical systems for the operation of the Hellenic Post, started from zero-day malware, which was installed on a workstation and with the https reverse shell technique was connected to a computer system controlled by a hacking group,” said the Hellenic Post for the attack.
The Hellenic Post decided to isolate the entire Data Center of the company to prevent any more malicious activities and the expansion of the attack. The company took all the necessary actions to cope with the cyberattack. It announced a temporary suspension of the business information system of all post offices in Greece.
To solve the technical problems that occurred during the attack, more than 2.500 terminal systems were examined one by one for IT security purposes. At the same time, a software agent was also installed. As stated by the Hellenic Post, the aim of these actions was the immediate re-opening of the business information system. Moreover the security of all data and the faster normalization of the operation of the stores.
Due to the attack, for almost two days the local branches of the Hellenic Post could not carry out tasks such as bill collection, mailing, and financial services.
“The immediate reaction and actions of the competent official functions limited and prevented the spread of the attack. We have been informed immediately and are working closely with all relevant government authorities as well as with IT companies specializing in cybersecurity” the Hellenic Post stated in a written announcement.
Hellenic Post Cyberattack: Hackers demanded ransom
The hacking group behind the attack demanded a ransom to “fix” the Hellenic Post’s services they had blocked. The cyberattack targeted the boxes and the package transfer system of the Hellenic Post. However, the administration of the organization never started a negotiation with the hackers for the payment of ransom.
So far, the amount demanded by the hackers is not known, nor is their identity. Nevertheless, this cyberattack consists of an unprecedented incident for Greece. Although in other countries it is common practice for hackers to attack companies or organizations and then demand ransom, in Greece this is the first time this has happened.
According to experts, the hackers managed to enter the systems of the Hellenic Post with greater ease due to the company’s outdated information equipment which allowed them to install their ransomware undisturbed.
In addition to the assistance of IT companies specializing in cybersecurity the Hellenic Post also requested the contribution of the Police to identify the perpetrators of the cyberattack.
The company managed to restart the network systems that encountered problems by the cyberattack in almost two days. It turned out the hackers limited themselves to installing malware and did not proceed with other illegal actions, such as stealing money since the Hellenic Post is also responsible for distributed pensions and few social benefits.