Greece’s public postal service, ELTA, has been forced offline due to a ransomware attack affecting the majority of the organization’s services, including mail post, bill payments, and processing of financial transaction orders. ELTA’s IT team has determined that threat actors exploited an unpatched vulnerability to install malware with the goal of encrypting its business-critical operations.
JP Perez-Etchegoyen, CTO at Onapsis weighed in on this cybersecurity incident:
“Reports suggest that threat actors targeted ELTA with the objective of encrypting business-critical systems, underlining just how crucial it is for organizations to prioritize vulnerability identification and management. Business-critical systems house an array of important, confidential information, including that of customers, products and employees. This makes them highly common targets for cybercriminals hoping to disrupt day-to-day processes and hold this data for ransom.
Organizations must be proactive in closing gaps in these systems by prioritizing business-critical application security and vulnerability management. To protect these valuable systems from ransomware, enterprises must monitor all systems crucial for business operations for any cyber threats, including missing patches, broad authorizations, insecure integrations or misconfigurations, and immediately apply all relevant mitigations. With these precautions, companies can help ensure that IT environments remain secure and critical business operations are efficient and dependable.”