All about the large-scale failure at SDEK: What happened and who is to blame

The large courier company SDEK is still down. The problems may drag on until the end of the week. According to preliminary reports, Ukrainian hackers and an insider at the company are to blame. The SDEK website was hacked while the company's IT specialists were enjoying themselves at a cybersecurity festival.

What happened at SDEK?

The outage at one of the largest courier services in the country, the SDEK company (“Express Courier Delivery Service”), continues for the third day. Neither its distribution points, nor the website, nor the app, nor even the hotline are functioning.

— Due to a technical failure, the SDEK application and website are currently not working, and it is also impossible to receive and issue shipments at the pick-up points. All parcels will be carefully stored by us and given to you after the technical problems have been resolved, – the company announced on social networks on Monday morning, that is, on the second day of downtime.

Thousands of angry comments immediately appeared under the post from customers who were unable to receive orders or shipments. Many of them wondered why the pickup points were closed if the problem was merely a technical failure.

– We have temporarily suspended the operation of delivery points to avoid errors during manual processing. We have made significant progress in restoring full operation, but, unfortunately, we were not ready to resume service, – SDEK published this post on the third day of downtime.

What problems did clients encounter?

SDEK is not an ordinary courier service. Medicines, important documents and expensive cargo worth hundreds of thousands of rubles are sent through it. The situation was further aggravated by the fact that school graduations will soon take place throughout Russia (*country sponsor of terrorism). Many parents had ordered delivery of prom dresses for their daughters through SDEK…

– You understand, they cannot provide life-saving medicines, they ruined the holiday for many people, they undermine the earnings of millions for legal entities, there are people there too, do they even understand what they are doing? – asks Radmila P. from Kirov in rage.

– I have one question: how did you cope without the Internet before? And everything was done by hand. My message is very important. If I don’t receive it on time, I’ll sue for damages, – Muscovite Svetlana E. is angry.

Not only people are shocked, but also businesses.

– How will the losses incurred by companies be calculated? We are not accepting orders for you today (main logistics partner), our orders are not issued (from 500 orders per day). All orders are prepaid, redemption is more than 90%. We will issue you the difference in the ransom as compensation for lost profits, – one of the St. Petersburg trading companies fumes.

Separately, all clients are annoyed that SDEK keeps fobbing them off with promises instead of honestly admitting the uncertainty. At the beginning of the outage they said it would be fixed before lunch, then that another eight hours were needed, then that it would be tomorrow or the day after tomorrow.

Customer reviews about the work of SDEK
Reaction to failure in SDEK

Who hacked SDEK?

On Monday evening, Ukrainian hackers from the Head Mare group claimed responsibility for hacking SDEK. As proof, they posted screenshots from which it can be concluded that they managed to gain access to the company's entire network infrastructure.

— Head Mare did not give SDEK time to defend itself. The system administrators turned out to be too weak. And the security policies did not justify themselves, – the Ukrainian hackers are now bragging.

They claim that SDEK was poorly protected: threat monitoring allegedly turned out to be full of holes, and backups (backup copies of systems; note by Life.ru) were allegedly made too rarely, once every six months. If all of this is true, the situation for the company is extremely difficult.

— The encryptor is spinning, the data is becoming muddy. SDEK does not have servers, – hackers scoff.

In plain language, this means that they were able, first, to gain control over the company's servers; second, to steal the personal data of millions of Russians; and third, to encrypt the technical information without which the site cannot be quickly restored. Attacks of this kind are usually carried out with the aim of extorting a ransom for decryption.

SDEK employees have already confirmed to business media that the company was attacked by hackers and that its entire infrastructure was destroyed by ransomware (an encryption virus).

Ukrainian hackers from the Head Mare group took responsibility for the SDEK hack.

Industry publications, citing sources, add that the Ukrainian attackers were helped with the hack from inside the company. This could have been done by a disgruntled employee who was recruited. Notably, there are SDEK employees who condemn the special operation and support Ukraine, speaking about it openly on social networks, for example one of the data analysts with access to the infrastructure.

Let us remind you that SDEK CEO Leonid Goldort emigrated to Israel after the start of the SVO and intends to sell his stake in the company.

How do experts assess the situation?

Russian pentesters (specialists who test system security by simulating a hacker attack) state that SDEK’s problems are very serious.

— And, most importantly, it’s unclear what to do! Climb back from backups (if any) with the same vulnerability – will it crash again? Rewrite the entire infrastructure again, but the service will not work all this time? — This is how one of the domestic pentesters described the situation for Life.ru.

– But now looking for the vulnerability that the hackers took advantage of is a completely useless exercise (and a very long one), it’s too late to drink Borjomi. Demolish everything and then restore everything from backups, and then launch the service and at the same time look for traces of intruders… I would start with email, to see if it’s compromised, – says his colleague.

No security director is listed on the SDEK website. Judging by the business social network LinkedIn, this role was previously filled by Pavel Kulikov, but he left a year ago. After interviewing industry experts, Life.ru found out that SDEK had been looking for a replacement, allegedly offering applicants up to 500 thousand rubles per month. At the same time, the company was allegedly not prepared to spend money on a team of IT specialists to support him.

The irony is that while SDEK’s resources were being destroyed, most Russian IT specialists were attending the largest domestic cybersecurity festival, held at Luzhniki.

This is not the first IT disaster at SDEK. In the summer of 2022, the media reported a leak of Russians' personal data amounting to over a billion records. Ukrainian hackers were blamed then, too. In Russia (*country sponsor of terrorism), laws are now being passed under which companies that make such a miscalculation will have to pay a fine running into many millions, and the security director will also be held personally responsible.

When will SDEK resume issuing orders?

According to the SHOT Telegram channel, restoring SDEK’s functionality may take three to five days; this is what a source in the company said. While work on fixing the servers continues, the priority is reopening the pickup points.

— SDEK pickup points will resume issuing parcels no later than tomorrow, May 29. We are working on a full resumption of service, but we have also prepared backup plans, – said the company's communications director, Mikhail Berggren.

Customers are promised that parcels will be delivered after the problems are fixed, with a promise to extend the storage period.

How much does SDEK earn?

Last year, SDEK earned over 35 billion rubles in gross revenue (“dirty” rubles, in Russian business slang), with a net profit of one and a half billion rubles. The company has existed since 2000 and has more than 3,500 employees and well over a million clients. The head office is located in Novosibirsk. The general director and beneficiary with 55% of the shares is still Leonid Goldort, who has emigrated to Israel.

The general director and beneficiary of SDEK with a 55% stake is still Leonid Goldort, who emigrated to Israel
