Cyber Incident Victim: Върховен административен съд (Supreme Administrative Court of Bulgaria)
Date: Jan 2025
Location: Bulgaria
Summary
A cyberattack targeted the Supreme Administrative Court, involving ransomware that encrypted its informational and administrative systems, with hackers demanding payment. The court's acting chairman confirmed partial system restoration with no data loss, attributing the breach to potential human error while ruling out ransom payment due to legal prohibitions and an ongoing criminal investigation. The justice minister emphasized implementing urgent security measures and conducting technological audits to address vulnerabilities, acknowledging the global prevalence of such attacks against state institutions.
Description
On January 27, 2025, Bulgarian media reported a cyberattack against the Supreme Administrative Court of Bulgaria, which occurred earlier that week. Hackers deployed malicious software that infiltrated the court’s systems and encrypted all business and informational data, rendering it inaccessible. The attackers subsequently demanded a ransom payment for decryption. Acting Court Chairman Georgi Cholakov confirmed the incident, stating that one-third of the affected systems had been fully restored at the time of his announcement, with no permanent data loss identified. Cholakov attributed the breach to potential human error but provided no technical specifics regarding the initial attack vector or malware type. He emphasized that no data substitution could occur due to the existence of parallel paper records maintained during case proceedings. The court explicitly refused to pay the ransom, with Cholakov declaring such payments impossible for state institutions and characterizing the incident as a criminal act under investigation by the General Directorate for Combating Organized Crime (GDBOP).

The Bulgarian Minister of Justice, Georgi Georgiev, responded by announcing plans to request an official investigation and technological audit to identify systemic vulnerabilities. Georgiev acknowledged the global prevalence of cyberattacks on state institutions while urging immediate corrective measures, though no specific security enhancements or policy changes were detailed publicly. Forensic analysis remained ongoing through GDBOP, with no attribution to specific threat actors and no disclosure of the ransom amount demanded. Operational impacts included temporary disruption to court information systems, though paper-based workflows mitigated complete procedural paralysis. No secondary incidents or data leaks were reported following the encryption event. The incident highlighted persistent cybersecurity challenges facing Bulgarian judicial infrastructure, though officials maintained that no sensitive records were compromised beyond temporary inaccessibility during system restoration efforts.
