Sofia, Bulgaria – The hacker group Ransomhouse has claimed responsibility for a cyberattack on Bulgaria’s Supreme Administrative Court, leaking sensitive employee data and urging the court’s management to make contact.
The breach, which was first reported by cybersecurity website Questona, exposed documents including employee names, personal data, and leave applications.
At an extraordinary hearing before the Supreme Judicial Council, acting Chairman of the Supreme Administrative Court Georgi Cholakov confirmed that the court’s system had been infected with the advanced ransomware strain White Rabbit.
He suggested that human error might have played a role in the breach and acknowledged receiving a ransom demand, though he declined to disclose further details.
Despite the hackers’ claims, Cholakov initially denied that any data had been lost from the Unified Case Management Information System.
A week after the cyberattack, the Supreme Administrative Court was allocated 1.7 million leva to purchase new servers and upgrade hardware in a bid to bolster cybersecurity measures. During a parliamentary committee hearing on information management, Cholakov informed MPs that an investigation into the incident was ongoing.
He revealed that 140 computers in the court had been infected and encrypted but assured lawmakers that the judicial system remained operational. Efforts were still underway to determine whether any court data had indeed been leaked.
Cholakov emphasized that the court had managed to avoid more severe consequences due to the continued use of paper-based judicial act issuance.
However, he acknowledged that if personal data had been compromised, the court would be obligated to fine itself, just as it had previously fined the National Revenue Agency for a similar breach.
Meanwhile, Emil Petrov, the court’s head of information security, explained that temporary protective measures had been put in place to secure the servers.
He stressed that effective cybersecurity requires proper funding and additional training for court employees to prevent future attacks.
The Directorate for the Prevention of Cybercrime and Corruption has reported that initial findings suggest the attack originated from outside Bulgaria.
The cyberattack targeted the Unified Administrative and Information System (EDIS) of the administrative courts on January 27.
During a parliamentary hearing before the Committee on Electronic Governance and Information Technologies, Cholakov confirmed that a ransom message had been received following the attack.
He also acknowledged that while infected computers had lost data, copies of court documentation had been preserved. Authorities are continuing to investigate whether any sensitive court data has been leaked onto the dark web.
The incident has raised concerns about the vulnerability of Bulgaria’s judicial institutions to cyber threats, prompting calls for stronger security measures and enhanced digital protections.
This article was created using automation technology and was thoroughly edited and fact-checked by one of our editorial staff members