Courier Service CDEK Paralyzed for Third Day Due to Ransomware Attack

Parcel delivery service CDEK ceased operations due to technical failure

The parcel delivery service CDEK paused operations on May 26 following a major technical failure. The international hacker group Head Mare claimed responsibility for the disruption in an announcement on the social network X. The perpetrators released screenshots demonstrating their intrusion into CDEK’s systems and cheekily said “hi” to the Russian cybersecurity firm Bi.Zone, which advises CDEK on cybersecurity matters.

Use of ransomware during the attack

According to an unnamed source within CDEK and another source from a major cybersecurity company, a ransomware virus was used during the attack on CDEK’s IT systems. This type of malicious software encrypts data and denies the victim access to it.

A CDEK official spokesperson commented, “We encountered a technical issue and are conducting an investigation. We have several theories and consider it unprofessional to speak before receiving precise information.” The company did not provide information on when services may resume. According to some sources, CDEK might resume parcel receiving and delivery by May 28. Representatives from Bi.Zone refrained from commenting on the issue.

How was the ransomware introduced?

Experts point to several ways ransomware can get into a target system. Most often, users download it themselves through email attachments or other messages; less often, it is planted after the system itself has been broken into. Once encryption is complete, the malware typically demands a ransom in exchange for restoring access to the data. The Russian Association of Electronic Commerce (RAEC) reported a 160% increase in ransomware-related cyber attacks in 2023 compared to the previous year. On average, the ransom demanded for data decryption amounted to 53 million rubles in 2023.

Recovery speed contingent upon backup frequency

How quickly CDEK’s systems can be restored depends on how often the company created backups and on the type of ransomware the perpetrators used. If the malware is a known strain, a decryptor may already exist that can recover the data. The Head Mare perpetrators released screenshots depicting the destruction of backups and claimed that CDEK ran backups only every six months. However, attackers’ statements should not be taken at face value, as they often exaggerate the damage inflicted during an attack.
