Cyber Incident Victim: ÚJV Řež, a. s.

The cyber incident targeting ÚJV Řež, a. s., a Czech nuclear research institute specializing in nuclear energy safety and radiopharmaceutical development, occurred in late November 2022, with public confirmation emerging on December 1. Attackers deployed ransomware to compromise the organization's internal systems during the week preceding November 25. The intrusion specifically affected economic and administrative systems, though operational technology controlling nuclear reactors remained isolated from the breach. Institute representatives, including marketing and communications head Alena Rosáková, confirmed containment by December 1, with IT personnel restoring normal operations without functional limitations. No disruption occurred to reactor safety systems or nuclear medicine production/distribution infrastructure.

Milan Mika, the institute's spokesperson, disclosed that the National Office for Cyber and Information Security (NÚKIB) assumed investigative responsibility following initial remediation. The ransomware attack involved data encryption and system lockdowns characteristic of extortion-based campaigns, though the institute did not confirm whether data exfiltration occurred or if ransom demands were issued. Impact analysis confirmed the breach's confinement to non-operational business networks, avoiding safety-critical industrial control systems. Restoration efforts prioritized business continuity without publicized data loss or extended downtime. NÚKIB's ongoing investigation focused on attribution and attack vector analysis as of the reporting period.