The Ransomhouse hacker group announced that it possesses data extracted from the information systems of the Supreme Administrative Court (SAC). Their statement, which was made on the dark web, was reported by the cybersecurity and data protection site Questona. As proof that they have the information stolen from the SAC, the hackers are publishing some of the data.
We are mainly talking about documents with names and personal data of employees, wrote the legal site "Lex". The files posted on the Ransomhouse site are mainly documents with lists, leave applications and various documents, or at least that is what their names suggest. They have already been viewed by 530 people on the dark web.
"Dear management of the Supreme Administrative Court of Bulgaria, we strongly recommend that you contact us", says the Ransomhouse message.
As is known, the Supreme Administrative Court fell victim to a cyberattack on January 27, 2025, and Acting President Georgi Cholakov announced that about two-thirds of the computers were affected by it. In all likelihood, these are those that were not turned off when the virus was released.
After the hacker attack on the Supreme Administrative Court, a ransom was demanded from the court, Cholakov said at the end of January. According to him, one-third of the system has been fully restored. There was no loss of information. He added that data replacement is impossible, because there is also paper information when considering the cases.
"There is no way to give a ransom. I believe that what has been done may have some results in private companies, but it cannot happen in state institutions. This is a crime that has been committed, an investigation is underway in the Directorate for the Prevention of Corruption and I cannot give more information", said Georgi Cholakov.
"I insist on urgent measures and an audit, a technological audit, to see where and what is not working. Hacker attacks against state institutions are happening all over the world", added then the Minister of Justice Georgi Georgiev.
One of the most modern malicious software was used against the Supreme Administrative Court - the White Rabbit ransomware. And Cholakov indicated that it probably penetrated the court system due to human error. He did not provide details, but it usually involves opening a suspicious email message, through which the virus penetrates the specific computer, and from there into the networks and other devices connected to them.
The hacker attack temporarily crashed the Unified Case Management Information System (EDIS), used by all administrative courts, but the data in it was "saved", as it is backed up daily. After it, the Supreme Administrative Court received about 1.7 million leva for new servers and hardware equipment.
Information outside of the EDIS was lost in the attack, such as draft decisions, for example.
The specialized website Questona explains that some hacker groups do the so-called double extortion. Initially, the hackers penetrate the information system, copy the data and then encrypt it. Then they demand a ransom for both decryption and not publishing it on the internet.
Usually a small part of the copied data is published as a warning like: "We have your data, pay or we will publish everything".