The Ransomhouse hacker group has claimed responsibility for stealing data from the Supreme Administrative Court’s information systems. The group published documents, including lists of employee names, personal data, and leave applications, as evidence of the breach, according to cybersecurity website Questona. Along with the leaked documents, the hackers addressed the court’s management with a message urging them to make contact.

At an extraordinary hearing before the Supreme Judicial Council, acting Chairman of the Supreme Administrative Court Georgi Cholakov confirmed that the system had been infected with one of the most advanced ransomware strains—White Rabbit. He suggested that human error might have led to the attack. While he acknowledged receiving a ransom demand, he declined to provide further details. At the time, Cholakov firmly denied that any data had been lost from the Unified Case Management Information System.

A week after the cyberattack, the Supreme Administrative Court was allocated 1.7 million leva for new servers and upgraded hardware to enhance its cybersecurity. During a parliamentary committee hearing on information management, Cholakov informed MPs that an investigation into the incident was ongoing. He revealed that 140 computers in the Supreme Administrative Court had been infected and encrypted but assured that the court’s system remained operational. However, efforts were still underway to determine whether any data had indeed been leaked.

Cholakov stated that the court managed to avoid more serious consequences since the issuance of judicial acts is still conducted on paper. He noted that if personal data had indeed been leaked, the court would be obligated to fine itself, just as it had previously fined the National Revenue Agency for a similar breach.

Meanwhile, Emil Petrov, responsible for information security at the court, explained that temporary protective measures had been implemented to secure the servers. He emphasized that proper cybersecurity requires adequate funding and additional training for court employees.

The Directorate for the Prevention of Cybercrime and Corruption reported that initial findings suggest the attack originated outside Bulgaria. The attack on the Unified Administrative and Information System (EDIS) of the administrative courts took place on January 27. During a parliamentary hearing before the Committee on Electronic Governance and Information Technologies, Cholakov confirmed that there had been a ransom message following the attack. He also acknowledged that while infected computers had lost data, copies of court documentation had been preserved.

The investigation is still ongoing, with authorities working to determine whether sensitive court data has been leaked on the dark web.

Sources:

• Bulgarian National Radio (BNR)
• Bulgarian National Television (BNT)
• BTA