Hellenic Post (ELTA) ransomware attack
A ransomware attack attributed to the Vice Society gang paralysed Greece's national postal operator ELTA for roughly eight days, halting financial services and pension payments, with data later leaked and a €2.99 million GDPR fine in 2024.
- Victim
- Hellenic Post (ELTA)
- Loss
- $3.2M
- users
- 5.0M
On the evening of 20 March 2022, Hellenic Post (ELTA) — Greece's national postal operator — was crippled by a ransomware attack that knocked out commercial systems across the entire post-office network for roughly eight days. Reporting attributed the attack to the Vice Society extortion gang, which struck a service millions of Greeks rely on for mail, bill payment and pensions.
What happened
Attackers gained entry by exploiting an unpatched vulnerability, then used an HTTPS reverse shell to move through ELTA's network before deploying ransomware against its commercial information systems. With those systems down, every post office lost the ability to process mail and parcels, bill collection, financial services and pension payments.
ELTA detected the intrusion on Sunday evening, immediately notified law enforcement and engaged an IT-security firm. As a containment measure, more than 2,500 terminal systems were individually examined before services could be safely restored.
Impact
- The disruption affected an estimated five million customers, employees and partners who interact with ELTA.
- Services were restored in stages: partial mail/parcel distribution on 22 March, financial services and bill collection on 24 March, and nationwide pension payments on 28 March — about eight days of disruption.
- The Vice Society gang later leaked stolen data, including financial information, on its dark-web site, turning the incident into a double-extortion data breach.
Regulatory aftermath
On 28 February 2024, the Greek Data Protection Authority (HDPA) imposed an administrative fine of 2,995,140 euro (about $3.2 million) on ELTA, finding violations of Articles 5(1) and 32 of the GDPR. The regulator concluded ELTA had not implemented sufficient technical security measures and lacked adequate data-protection policies — a rare multimillion-euro penalty against a state-owned operator.
Why it matters
The ELTA attack is a landmark national postal infrastructure case. It showed how a single unpatched vulnerability could halt an essential public service that underpins payments and pensions for an entire country, and how double-extortion ransomware combines operational paralysis with data leakage. The subsequent GDPR fine made clear that even critical state operators face serious financial and legal consequences when basic patching and security controls fail — cementing the incident as a reference point for resilience and accountability in the postal and logistics sector.
Timeline
On Sunday evening, attackers exploit an unpatched vulnerability and deploy ransomware across ELTA's commercial information systems using an HTTPS reverse shell.
ELTA publicly reports the attack; all post offices lose access to commercial, bill-collection, mail and financial services.
Partial services resume — mail and parcel distribution restart without financial functions.
Financial services and bill-collection are restored after examining over 2,500 terminal systems.
Pension payments resume nationally, completing about eight days of disruption.
The Greek Data Protection Authority fines ELTA 2,995,140 euro for breaching GDPR Articles 5(1) and 32 over inadequate security.
Sources
- therecord.mediahttps://therecord.media/greeces-national-postal-service-restoring-systems-after-ransomware-attack
- databreachtoday.comhttps://www.databreachtoday.com/ransomware-attack-disrupts-greek-postal-services-a-18778
- govwatch.grhttps://govwatch.gr/en/finds/apd-paraviasi-toy-gkpd-apo-ta-ellinika-tachydromeia/
- vpnoverview.comhttps://vpnoverview.com/news/greeces-hellenic-post-crippled-by-cyberattack/