Introduction

A significant ransomware cyber-attack [7] [10], attributed to the group “Kapor,” has severely impacted the information systems of the Office of Geodesy, Cartography [2] [4] [5] [6] [7] [8] [9] [10] [11], and Cadastre of the Slovak Republic (ÚGKK) [2] [8] [11]. This incident has disrupted essential services [6], raised concerns about data security, and prompted a governmental response to mitigate the damage and prevent future threats.

Description

A significant ransomware cyber-attack [7] [10], attributed to a group known as “Kapor,” has severely impacted the information systems of the Office of Geodesy, Cartography [2] [4] [5] [6] [7] [8] [9] [10] [11], and Cadastre of the Slovak Republic (ÚGKK) [2] [8] [11]. The attack, which began on January 5, 2023, at 8:50 AM [1], rendered the electronic cadastral services and the systems utilized by district office cadastral departments unavailable, leading to their temporary closure as a preventive measure. Initially, the Interior Ministry described the situation as a minor outage, but it was later confirmed on January 8 that ÚGKK had been affected by a large-scale cyber-attack from abroad. The situation was first reported on January 6, and officials acknowledged the attack five days after it occurred, with employees admitting to it earlier [3]. In response to the incident [8], all systems were disconnected from external networks to prevent further spread, resulting in the unavailability of electronic services related to the land registry. Access to all electronic services through the central portal slovensko.sk has been restricted [1], causing issues with submitting electronic applications to the agency and other state administration bodies [1]. Limited operations are expected to resume on January 9, 2023 [2].

UGKK chairman Juraj Celler emphasized that no changes are being made to the cadastral database or ownership records. Agriculture Minister Richard Takáč and Interior Minister Matúš Šutaj Eštok have assured the public that no data has been lost and that sensitive information remains secure [3]. A crisis management team is actively collaborating with cybersecurity experts to restore the system. Despite having multi-layered backups, concerns have been raised regarding their adequacy [1], as some attackers reportedly copied databases and threatened to publish them. The recovery process may take weeks or months due to insufficient quality backups and limited data recovery options. Ethical hacker Pavol Lupták indicated that the attackers gained access to data [1], encrypted it [1] [2], and deleted unencrypted files [1], demanding a ransom potentially amounting to seven figures in dollars [1]. Employees have been instructed to refrain from using their computers during this period [2].

The attack has drawn criticism from opposition parties [6], particularly the Freedom and Solidarity (SaS) party, which has labeled the situation a scandal and a fundamental failure of the government [6]. SaS leader Branislav Gröhling condemned the government’s handling of the situation [10], claiming it reflects a failure to protect citizens and maintain state functions [10]. Calls for accountability have been directed at Interior Minister Matúš Šutaj Eštok and Prime Minister Robert Fico. Additionally, the incident has disrupted essential services for towns and municipalities [6], affecting operations such as the PAAS parking system in Bratislava [6]. The Office for Combating Organized Crime (UBOK) is investigating the unauthorized interference with the real estate registry system and coordinating with cybersecurity experts to mitigate damage and restore full functionality.

Concerns regarding the security of sensitive national data have prompted an extraordinary meeting of the parliamentary committee responsible for the National Security Office [2], scheduled for January 14, 2023 [2], where the directors of both the National Security Office and ÚGKK will be present [2]. Experts suggest that foreign hackers likely exploited insufficient security measures and system vulnerabilities, and the Slovak government is actively working to respond to the ransomware attack and protect critical national infrastructure from future cyber threats [2]. Prime Minister Fico announced that the Security Council of Slovakia would convene to address the cyber-attack [10], emphasizing the need for government representatives to communicate clearly with the public regarding the situation [10]. The government has suggested a possible connection to Ukraine [3], although no evidence has been provided [3], and President Peter Pellegrini described the attack as unprecedented and serious [3]. The pro-Russian Slovak National Party has called for the Ukrainian ambassador to be summoned for clarification [3], while opposition figures continue to demand accountability from government officials regarding the incident [3].

Conclusion

The ransomware attack on the Slovak Republic’s cadastral systems has highlighted vulnerabilities in national cybersecurity infrastructure, leading to significant disruptions in public services. The government’s response, including collaboration with cybersecurity experts and the establishment of a crisis management team, aims to mitigate the immediate impacts and restore functionality. However, the incident underscores the need for enhanced security measures and robust data recovery strategies to safeguard against future cyber threats. The situation has also sparked political debate and calls for accountability, emphasizing the importance of transparent communication and effective governance in addressing cybersecurity challenges.

References

[1] https://www.topky.sk/cl/10/2940189/KOLAPS-katastrov–Prve-slova-kompetentnych–Problem-hasime–udaje-obnovime–upokojuje-sef-uradu
[2] https://cybermaterial.com/slovak-land-registry-hit-by-cyberattack/
[3] https://spectator.sme.sk/politics-and-society/c/news-digest-fico-blames-ukraine-for-cyberattack-on-land-registry-president-calls-for-government-action
[4] https://newsnow.tasr.sk/takac-cyber-attack-on-ugkk-biggest-in-slovak-history/
[5] https://forum.babylonjs.com/t/slovak-cadastre-information-system-hacked/55873
[6] https://spectator.sme.sk/politics-and-society/c/news-digest-quite-possibly-the-worst-cyber-attack-in-history-of-slovakia
[7] https://www.topky.sk/cl/10/2940111/Vybor-na-kontrolu-bezpecnostneho-uradu-k-situacii-na-katastri-zasadne-v-utorok–SaS-vyzyva-na-skorsie-riesenie
[8] https://www.infosecurity-magazine.com/news/slovakia-hit-by-large-scale/
[9] https://hnonline.sk/style/tech/96188387-utok-ransomware-kataster-ugkk-it-bezpecnost-odbornici-nazor
[10] https://spravy.pravda.sk/domace/clanok/736718-k-utoku-na-kataster-zasadne-stat-az-v-piatok-podla-sas-je-to-neskoro-sutaj-estok-sa-schovava-a-mlci/
[11] https://rsoe-edis.org/eventList/details/789597/0