The incident has all the tell-tale signs of a ransomware attack, apart from a ransom demand.
Cyberattack on ELTA, What Happened?
ELTA released a statement on Monday, March 21, informing the public about a malware attack on its IT systems. ELTA added that it was isolating the company data center, consequently shutting the commercial information systems of its post offices. Following this, on Tuesday, the state-owned provider released a new statement with more details about the attack. ELTA’s IT teams discovered that the hackers exploited an unpatched vulnerability to drop malware onto one of the company’s workstations. After this, the threat actor continued its access using an HTTPS reverse shell. Apparently, the hackers’ goal was to encrypt systems critical for ELTA’s operations. However, ELTA has not said anything about a ransom demand so far. Furthermore, it is unclear if the attackers stole any personal information like names, contact information, or banking details.
Update on ELTA’s Functioning Services
In its latest statement, ELTA said that its services like mail post, bill payment, or financial transaction order processing are unavailable. Many customers have complained about problems with tracking parcels and accessing web landing services on ELTA’s Facebook page. On the bright side, the state-owned postal service announced it would resume distribution of mails and parcels starting Tuesday, March 22. While there is no indication of when the offline services will be available again, the provider did give an indication of the challenge its IT teams are facing.
ELTA’s IT Teams Working to Restore Operations
ELTA said its teams are currently carrying out a thorough examination of over 2,500 computers. Additionally, they are installing software tools and making sure that all of the malicious payloads have been removed before re-integrating the computers into the network. “The goal is the immediate re-opening of the commercial information system, the security of all data and the faster normalization in the operation of the stores,” ELTA’s statement reads. Furthermore, ELTA has advised customers to use its subsidiary, ELTA Courier, until all its systems are checked and restored. Facing a ransomware attack is a terrifying prospect for any organization. This is even true for smaller businesses, who can be the targets of cybercriminals looking to make a quick buck. These criminals usually obtain a license from a developer to use their ransomware. If you want to learn more, head over to our detailed guide on ransomware-as-a-service (RaaS).
