Cyber Incident Victim: Ředitelství silnic a dálnic České republiky

On May 17, 2022, the Ředitelství silnic a dálnic České republiky (ŘSD ČR), the Czech Republic’s Road and Motorway Directorate, experienced a sophisticated ransomware attack that encrypted its data. The National Office for Cyber and Information Security (NÚKIB) classified the incident as a professionally executed cyberattack, though it withheld the attacker’s identity for tactical reasons. The attack disrupted ŘSD’s operations immediately, forcing the organization to take critical systems offline. By the following day, ŘSD’s public website and the traffic information portal Dopravniinfo.cz remained inaccessible, impairing public access to road and motorway updates. The organization partially restored its driver assistance hotline (800 280 281) but could not provide real-time traffic information through it. NÚKIB collaborated with ŘSD to recover network functionality and critical information systems, though restoration efforts were ongoing at the time of reporting.

The ransomware attack caused significant operational disruptions, particularly affecting ŘSD’s procurement processes. The electronic tender administration system Tender Arena was temporarily disabled, leading ŘSD to cancel public contracts for which bidding deadlines had expired during the outage. Other tenders were extended by approximately one week to accommodate delays. Historical context from the article notes that ransomware attacks had previously targeted Czech entities, including the Olomouc city council, Benešov Hospital, and a private grammar school in Plzeň, though no direct link was drawn to the ŘSD incident. The attack’s primary impact centered on data encryption, service interruptions, and procedural delays, with no public disclosure of ransom demands or data exfiltration. Recovery efforts prioritized restoring essential services while NÚKIB continued its investigation without revealing attribution details.