# Latvian Forestry Company Grapples with Ongoing Recovery After Ransomware Attack

*Published July 10, 2026*
*Source: [https://therecord.media/latvia-state-owned-foresty-company-lvm-ransomware](https://therecord.media/latvia-state-owned-foresty-company-lvm-ransomware)*

## Executive Summary

Latvijas Valsts Mezi, Latvia's state-owned forestry company, is still recovering from a June ransomware attack that disrupted operations and exposed sensitive data. The attack, linked to a foreign ransomware group, has not compromised Latvia's election infrastructure but continues to pose a threat to various Latvian organizations.

## Article

Latvijas Valsts Mezi, Latvia's state-owned forestry company, is still in the process of restoring its IT systems following a ransomware attack that occurred in late June. This cyberattack not only disrupted internal operations but also affected customer and contractor services, notably the company's mapping platform and hunting application. According to the company's Chief Technology Officer, Maris Kuzmins, restoring normal operations is proving challenging, with two-thirds of service contract customers still unable to access necessary systems. The attackers exploited an unpatched vulnerability in software that had not been updated for two years, although the specific software was not disclosed. Despite the severity of the attack, Latvijas Valsts Mezi reported no ransom demand and stated they would refuse payment if one were made. The national computer emergency response team, CERT.LV, attributed the attack to a foreign ransomware group known for targeting NATO and EU countries. This group leaked 44 gigabytes of data online, which included sensitive internal documents and credentials. The breach also drew attention due to LVM's involvement with Latvia's electronic voter registration system, though authorities confirmed this infrastructure remains uncompromised. In a related incident, a server belonging to Latvian pharmaceutical company Olpha was also compromised by the same threat actor, although it was swiftly contained. CERT.LV continues to monitor the activities of this group as they search for vulnerabilities within Latvian organizational infrastructures.
