Cyber Attack on Latvijas valsts meži – Attributed to Foreign Ransomware Group
A foreign financially motivated ransomware group has claimed responsibility for the cyber attack on Latvijas valsts meži (LVM). Cert.lv is investigating and supporting the company, while LVM gradually restores its systems.
The Latvian cybersecurity incident response institution Cert.lv has announced that a foreign ransomware group – financially motivated and known for similar attacks on companies and state institutions in other countries, including NATO and EU member states – is behind the recent cyber attack on AS 'Latvijas valsts meži' (LVM).
Cert.lv continues to provide assistance to LVM in investigating the incident and mitigating its consequences. The attackers have leaked data obtained during the attack, prompting a detailed analysis of the leaked information to identify potential additional damage vectors. All third parties that may be at risk are being notified and receiving recommendations for preventive actions.
LVM's IT team is gradually restoring internal systems. Some systems are already operational, and work is underway to restore applications such as 'LVM GEO' and 'Mednis', used by recreationists, hunters, and forestry workers. External systems were deactivated for security reasons since the attack began.
Cert.lv director Baiba Kaškina previously stated that the attack appears commercially motivated. The perpetrator described their activities on a hacker forum, boasting about their 'trophies'. LVM has filed a report with the State Police regarding the incident.
