Ransomware Attack on Slovak Cadastral portal – Explained in Simple Terms
The Government System of Geodesy, Cartography and Cadastre
Authority of the Slovak Republic, has been out of service since
January 6, 2025. Cadastral offices are closed. The Cadastral
system became the target of a ransomware attack. Currently, it is
not possible to verify property ownership. This case study
describes the state's relevant options in such a crisis situation.
It also discusses technical possibilities as well as the economic
impacts of this attack.
Table of Contents:
- Overview of the Attack
- Principles of Ransomware Attack
- Economic Impacts of Katasterportál's Downtime
- Conclusion of the Case Study
- Article Sources
- Press Release Archive (translated into English)
Overview of the Attack
Geodesy, Cartography and Cadastre Authority of the Slovak
Republic (ÚGKK SR) was targeted by a ransomware attack on January
6, 2025, resulting in the complete shutdown of its systems.
Ministry of interior of Slovak Republic on January 8, 2025, announced, that The cadastral departments of district offices in Slovakia are temporarily closed due to a significant cyberattack on the information system of the Office of Geodesy, Cartography, and Cadastre (ÚGKK SR), which oversees and provides their services. The National Crime Agency is investigating the case, with further updates to be provided by the police as the situation evolves. The ÚGKK SR continues to monitor and report on the incident’s developments.
Geodesy, Cartography and Cadastre Authority of the Slovak Republic is a central state administrative body overseeing geodesy, cartography, and real estate cadastre. Its responsibilities include setting geodetic systems, managing state positioning services using satellite systems, maintaining state borders, producing and updating maps, standardizing geographical names, and managing geospatial information systems. In the real estate cadastre field, it supervises cadastral departments, ensures compliance with regulations, and oversees task execution related to property records.
The nationwide shutdown of this critical registry has caused
significant disruptions, including the halt of real estate
registration and verification systems, which has impacted property
transactions, banking, construction, and state tax revenue
collection. Prolonged downtime risks cascading economic effects
such as disrupted financial flows, reduced GDP growth, and loss of
public trust. The attack exposed vulnerabilities in state IT
systems, underscoring the urgent need for secure backups and
enhanced cybersecurity measures. Swift expert intervention and
transparent communication are essential to mitigating the crisis
and restoring functionality.
- Official site of Geodesy, Cartography and Cadastre Authority:
- Summary of sources and translation of official messages and press releases
Principles of Ransomware Attack
Basic Principle of Ransomware
Ransomware is a malicious computer program (virus) that infects computers and servers within an organization's internal network. This malicious code has three main objectives:
- to spread across the entire network,
- to identify and compromise the most critical and valuable parts of the system (security vulnerabilities, server locations, databases, IT infrastructure map),
- to encrypt the files of every infected computer and/or server.
The attacker’s goal is to disable the system and demand a ransom – usually in cryptocurrency, such as Bitcoin. After paying the ransom, the attacker may or may not send the password to decrypt the systems and restore the data.
There is typically no legal recourse to force the attacker to provide the password (attacker anonymity).
The attacker often places a timer in the system, which, if the ransom is not paid, starts deleting data on all available devices.
State and Attacker Options in a Ransomware Attack
According to available information, the attacker demanded a 7-digit ransom amount in dollars. (According to articles on zive.aktuality.sk, see sources at the end of the article)
State's options are:- pay the ransom,
- refuse to pay the ransom and restore systems independently.
- send the password to decrypt the systems,
- increase the ransom amount and NOT send the password,
- have no intention of sending the password.
Possible State Responses in a Ransomware Attack
- Basic Protection:
- immediately shut down all devices in the compromised system (ideally disconnect from power),
- then analyze, restore, and decrypt the system server by server, computer by computer,
- if possible, restore the entire system from backup,
- ensure that no infected computers from the original network remain connected to the newly restored network.
- Attempt to Obtain the Decryption Password:
- obtaining the password directly from the attacker,
- obtaining the password through other means, such as analyzing computers and network communication, or through an IT attack on the attacker.
- For state systems, it is typical that they are part of public tenders for significant sums, yet they are often poorly developed without the necessary IT expertise and experienced IT leadership (e.g., critical system components developed by students).
- As a result, state systems may contain numerous security vulnerabilities, making them prime targets for cyberattacks, including ransomware.
- The most valuable asset in a ransomware attack is time. Therefore, there will be no time to tender the system repair. As a result, it will be necessary to call in experts without requiring a tender process.
- It is challenging to predict how the situation will develop, whether from a political or economic perspective.
Probability of System Backup Availability
- In the case of a ransomware malware attack, the attacker targets sensitive parts of the system containing critical data. One of the targets is the production system itself, which provides the main services. The production system is used by the public and internal employees of the cadastral office.
- A valuable target in a ransomware attack also includes locations where system backups are stored. If critical system backups are not securely protected and are accessible within the internal network, it is possible that the attacker may have infected and encrypted these system backups as well.
- Ideal backups in the event of a ransomware attack are storage solutions located outside the main system network (separated backup network) or offline backups without power, such as external drives, magnetic tapes, or other high-capacity devices.
- The attacker’s goal is to prevent a rapid system recovery, as the inability to restore the system strengthens the attacker’s negotiating position.
- It is assumed that offline backups of this system exist from older dates, potentially months or years ago. The state leadership has not yet disclosed the date of the most recent backup, its quality, or how missing records from more recent periods can be reconstructed.
Attacker's Motives
The most likely reasons for an attacker to use a ransomware attack:
- Military weapon of Russia (the goal of this attack would be to disable the systems of an enemy, i.e., an EU state, using an IT and economic weapon),
- Military weapon of Ukraine (the goal of the attack would be to pressure Prime Minister R. Fico and his government to abandon their pro-Russian stance on the war in Ukraine),
- Data collection for social engineering (the goal of the attack is to monitor the response of all state components and gather valuable data on the behavior of the state leadership and its citizens),
- To obtain a ransom (However, this is unlikely given Russia's war expenses in Ukraine, exceeding $100 billion in 2023 - source: https://www.reuters.com/world/europe/russia-doubles-2023-defence-spending-plan-war-costs-soar-document-2023-08-04/)
Without further information, the motives of the attacker remain rather unclear. Therefore, the motives mentioned above should be considered speculative.
Economic Impacts of the Downtime of the Cadastral Portal
The Cadastral Portal ensures the registration of real estate, records of their owners, and details of ownership (e.g., lien rights, seals, reasons for property ownership).
The data of property owners is public. Therefore, the most significant financial impact does not lie in the leakage of sensitive data but in the non-functionality of this public real estate register.
The Cadastral Portal is a critical component of public administration. The importance of the Cadastral Portal is typically underestimated as long as the service is operational.
Economic impacts of the portal depend on how long this system will be non-functional.
Potential Impacts
- Downtime of up to 1 week – minimal impact,
- Downtime from 1 week to 1 month – severe impact,
- Downtime exceeding 1 month – critically endangering the functioning of the state.
Most Affected Sectors
- Real estate sector (due to the inability to record changes in property ownership (sales) and to verify whether the owner truly owns the property),
- Construction sector (inability to buy and sell properties),
- Banking sector (inability to register, change, or cancel liens on properties for loans or mortgages),
- State tax revenues (due to the non-functionality of the Cadastral Portal, it is not possible to verify the registration of property owners. It is also essential to mention the direct impact on property taxes, with the tax return submission deadline being January 31, 2025).
Possibilities of Cascading Effects
- In case of problematic system restoration, further consequences are expected, such as slowed money transfers, jeopardized tax collection, and significant risks to the financial rating of the Slovak state on international markets.
Statistical Data on Slovakia's Economy
- Slovakia's GDP for 2023 – approximately 132,000,000,000 USD
- (Source: https://tradingeconomics.com/slovakia/gdp).
Summary of Economic Impacts
- In the event of delayed restoration of the Cadastral Portal, Slovakia may face severe economic consequences, threatening property ownership, disrupting financial flows in the economy, and potentially jeopardizing the development of the country's GDP. Public trust in the state may also be at risk.
Possible Media Reactions of Public Officials
- Not commenting on the situation,
- Commenting conservatively and reassuring the public,
- Acknowledging the truth and severity of the situation and proposing solutions to reassure both the general and professional public.
Impacts of Media Reactions
- Ordinary citizens are likely to remain calm and underestimate the situation until it becomes either severe (long-term unavailability of the Cadastral Portal) or resolved (the portal becomes operational again).
- IT professionals are aware of the seriousness of the situation and will closely monitor when and if the Cadastral Portal is restored. Statements by politicians such as "No data leakage occurred" may be interpreted as "Data leakage occurred." This caution stems from misleading statements by Prime Minister Robert Fico in April 2024, where he claimed that his government would not increase taxes (Source).
- Financial institutions (banks, insurance companies), IT firms, and other major companies have IT experts in their management capable of assessing the seriousness of the situation.
- In case the systems remain non-functional, inquiries from foreign reporters and the need to answer uncomfortable questions are expected.
Assumptions for Creating This Case Study
This case study draws from the basic principles of ransomware attacks targeting commercial enterprises and government agencies. It also utilizes available information such as:
- Official announcements and reports on the websites skgeodesy.sk and minv.sk about a possible ransomware attack on the Cadastral Portal,
- Recommendations for Cadastral Portal employees not to turn on computers, indicating an indirect sign of a ransomware attack (internal information from a personal visit to the cadastral office),
- Non-functional systems of the Cadastral Portal since January 8, 2025,
- Practical findings from quality tests of state IT systems.
- (Examples of information sources are listed below in Press Release Archive)
Similar conclusions to those in this study can be drawn by most IT professionals. However, this study stands out as the first to provide a more comprehensive perspective on the situation from the viewpoint of an IT consultant as early as January 10, 2025. Additionally, it explains the topic in plain language.
Conclusion of the Case Study
Slovakia is currently facing one of the most serious crises of the state, significantly affecting the national economy.
- I recommend responding to the situation by involving IT experts as well as specialists from the affected sectors/departments. On the contrary, it is not advisable to underestimate the situation.
- I recommend transparent communication about the situation and proposing solutions to reassure both the professional and general public.
- I also recommend ensuring the protection and backups of other critical state infrastructure systems. It is possible that several other government portals could be attacked similarly to the Cadastral Portal.
Author:
Ing. Robert Durec,IT Consultant, Data Architect, and Editor-in-Chief at BlueNumbers.com and BlueNumbers.sk
Created on: January 10, 2025
Last edit: January 11, 2025
Sources:
Links to the Cadastral Portal- https://kataster.skgeodesy.sk/eskn-portal/vyhladavanie (non-functional search)
- https://zbgis.skgeodesy.sk/mapka/ (non-functional map)
Articles about the non-functionality of the Cadastral Portal
(Original messages and their translations are part of the Press Release Archive on this page)
2025-01-06
The Geodetic Portal https://www.skgeodesy.sk/ announces for the first time a major system outage
https://www.skgeodesy.sk/sk/
2025-01-08:
Press release from the Ministry of Interior
https://www.minv.sk/?tlacove-spravy-8&sprava=katastralne-odbory-okresnych-uradov-az-do-odstranenia-nasledkov-kybernetickeho-utoku-nebudu-poskytovat-sluzby-pripadom-sa-zaobera-policia
Other articles:
- Russia expected defense spending plan for 202
- GDP of Slovakia
Press Release Archive (translated into English)
The Press Release Archive includes original Slovak announcements along with their English translations from official websites:- The Government System of Geodesy, Cartography and Cadastre Authority of the Slovak Republic
- The press release from the Ministry of the Interior of the Slovak Republic.
Screenshot of the website skgeodesy.sk with news from 2025-01-06 to 2025-01-08

2025-01-06, SKGeodesy.sk Slovak original announcement
Vážení používatelia informačných systémov a elektronických
služieb ÚGKK SR,
informujeme Vás o rozsiahlom technickom
výpadku všetkých systémov a služieb, ktoré spravuje ÚGKK SR.
Tento technický výpadok dočasne spôsobil obmedzenie prístupu ku
všetkým našim elektronickým službám a informačným systémom. V
súčasnosti prebieha intenzívna analýza tohto technického výpadku a
následné zabezpečovacie opatrenia.
Náš tím odborníkov intenzívne pracuje na obnovení plnej funkčnosti
informačných systémov a elektronických služieb.
Prosíme o trpezlivosť a pochopenie, kým tento technický výpadok
plne nevyriešime. O ďalšom vývoji vzniknutej situácie Vás budeme
priebežne informovať prostredníctvom našej webovej stránky a
ďalších komunikačných kanálov.
Ďakujeme za Vašu dôveru a pochopenie.
Úrad geodézie, kartografie a katastra SR
2025-01-07, SKGeodesy.sk Slovak original announcement
Úrad geodézie, kartografie a katastra SR oznamuje, že katastrálne
odbory okresných úradov budú dňa 08.01.2025 zatvorené a nebudú
poskytovať žiadne služby. Existuje predpoklad, že dňa 09.01.2025
bude fungovať režim na katastrálnych odboroch okresných úradov s
obmedzenými možnosťami. O ďalšom vývoji situácie Vás budeme
informovať. Odporúčame naďalej sledovať webovú stránku Úradu
geodézie, kartografie a katastra SR.
Za porozumenie ďakujeme.
2025-01-08, SKGeodesy.sk Slovak original announcement
Systémy ÚGKK SR sa stali cieľom kybernetického útoku.
Všetky systémy sú odstavené.
Na sfunkčnení systémov intenzívne pracujeme s podporou expertov na
kybernetickú bezpečnosť.
Pracoviská katastrálnych odborov okresných úradov budú preventívne
až do odstránenia dôsledkov kybernetického útoku dočasne
uzatvorené.
2025-01-06, SKGeodesy.sk English translation of Official Announcement
Dear users of the information systems and electronic services of the Geodesy, Cartography, and Cadastre Authority of the Slovak Republic (ÚGKK SR),
We would like to inform you about a major technical outage affecting all systems and services managed by ÚGKK SR.
This technical outage has temporarily restricted access to all of our electronic services and information systems. Currently, an intensive analysis of this technical outage is underway, along with subsequent security measures.
Our team of experts is working diligently to restore the full functionality of the information systems and electronic services.
We kindly ask for your patience and understanding while we fully resolve this technical issue. Updates on the situation will be provided via our website and other communication channels.
Thank you for your trust and understanding.
The Geodesy, Cartography, and Cadastre Authority of the Slovak Republic
2025-01-07, SKGeodesy.sk English translation of Official Announcement
The Geodesy, Cartography, and Cadastre Authority of the Slovak Republic announces that the cadastral departments of district offices will be closed on 08 January 2025 and will not provide any services.
It is expected that on 09 January 2025, the cadastral departments of district offices will operate with limited capacity. Updates on the situation will be provided as they become available.
We recommend continuing to monitor the website of the Geodesy, Cartography, and Cadastre Authority of the Slovak Republic.
Thank you for your understanding.
2025-01-08, SKGeodesy.sk English translation of Official Announcement
The systems of ÚGKK SR have been targeted by a cyberattack.
All systems have been shut down.
We are working intensively on restoring the systems with the support of cybersecurity experts.
The offices of cadastral departments at district offices will be
temporarily closed as a precaution until the consequences of the
cyberattack are resolved.
2025-01-08 Ministry of Interior of Slovakia official press release in Slovak (minv.sk)
Screenshot of the website minv.sk with press release about
cyberattack from 2025-01-08
Katastrálne odbory okresných úradov až do odstránenia
následkov kybernetického útoku nebudú poskytovať služby,
prípadom sa zaoberá polícia
08. 01. 2025
Informačný systém Úradu geodézie, kartografie a katastra
SR, ktorý využívajú katastrálne odbory okresných úradov, bol
zasiahnutý rozsiahlym kybernetickým útokom zo zahraničia.
Pracoviská katastrálnych odborov budú preto preventívne až do
odstránenia dôsledkov kybernetického útoku dočasne uzatvorené.
Katastrálne odbory na okresných úradoch sú odborne a metodicky
riadené ÚGKK SR a pri poskytovaní služieb využívajú informačné systémy ÚGKK SR, ktorý
ako správca systému informuje o aktuálnom vývoji situácie (Link
to https://www.skgeodesy.sk/sk/).
Prípadom sa zaoberá Úrad boja proti organizovanej kriminalite.
Presnú kvalifikáciu skutku bude možné ustáliť až na základe
vykonaných procesných úkonov. Bližšie informácie Policajný zbor
poskytne ihneď, ako to procesná situácia dovolí.
2025-01-08 English Translation of Press Release from Ministry of Interior of Slovakia about ransomware attack
Cadastral Departments of District Offices Will Not Provide Services Until the Consequences of the Cyberattack Are Resolved, The Case Is Being Investigated by the Police
08 January 2025
The information system of the Geodesy, Cartography, and Cadastre Authority of the Slovak Republic (ÚGKK SR), used by the cadastral departments of district offices, has been affected by a large-scale cyberattack from abroad. As a preventive measure, the offices of the cadastral departments will remain temporarily closed until the consequences of the cyberattack are resolved.
The cadastral departments at the district offices are
professionally and methodologically managed by ÚGKK SR and utilize
the information systems of ÚGKK SR in providing services. As the
system administrator, ÚGKK SR will inform about the current
situation developments (Contains link to
https://www.skgeodesy.sk/sk/).
The case is being handled by the Office for the Fight against Organized Crime. The exact classification of the crime will be determined only after the necessary procedural actions are carried out. The Police will provide further information as soon as the procedural situation allows.
Back to HomePage
