Ransomware Attack on Slovak Cadastral portal – Explained in Simple Terms

The Government System of Geodesy, Cartography and Cadastre Authority of the Slovak Republic, has been out of service since January 6, 2025. Cadastral offices are closed. The Cadastral system became the target of a ransomware attack. Currently, it is not possible to verify property ownership. This case study describes the state's relevant options in such a crisis situation. It also discusses technical possibilities as well as the economic impacts of this attack.

Table of Contents:

Overview of the Attack

Geodesy, Cartography and Cadastre Authority of the Slovak Republic (ÚGKK SR) was targeted by a ransomware attack on January 6, 2025, resulting in the complete shutdown of its systems.

Ministry of interior of Slovak Republic on January 8, 2025, announced, that The cadastral departments of district offices in Slovakia are temporarily closed due to a significant cyberattack on the information system of the Office of Geodesy, Cartography, and Cadastre (ÚGKK SR), which oversees and provides their services. The National Crime Agency is investigating the case, with further updates to be provided by the police as the situation evolves. The ÚGKK SR continues to monitor and report on the incident’s developments.

Geodesy, Cartography and Cadastre Authority of the Slovak Republic is a central state administrative body overseeing geodesy, cartography, and real estate cadastre. Its responsibilities include setting geodetic systems, managing state positioning services using satellite systems, maintaining state borders, producing and updating maps, standardizing geographical names, and managing geospatial information systems. In the real estate cadastre field, it supervises cadastral departments, ensures compliance with regulations, and oversees task execution related to property records.

The nationwide shutdown of this critical registry has caused significant disruptions, including the halt of real estate registration and verification systems, which has impacted property transactions, banking, construction, and state tax revenue collection. Prolonged downtime risks cascading economic effects such as disrupted financial flows, reduced GDP growth, and loss of public trust. The attack exposed vulnerabilities in state IT systems, underscoring the urgent need for secure backups and enhanced cybersecurity measures. Swift expert intervention and transparent communication are essential to mitigating the crisis and restoring functionality.

Principles of Ransomware Attack

Basic Principle of Ransomware

Ransomware is a malicious computer program (virus) that infects computers and servers within an organization's internal network. This malicious code has three main objectives:

The attacker’s goal is to disable the system and demand a ransom – usually in cryptocurrency, such as Bitcoin. After paying the ransom, the attacker may or may not send the password to decrypt the systems and restore the data.

There is typically no legal recourse to force the attacker to provide the password (attacker anonymity).

The attacker often places a timer in the system, which, if the ransom is not paid, starts deleting data on all available devices.

State and Attacker Options in a Ransomware Attack

According to available information, the attacker demanded a 7-digit ransom amount in dollars. (According to articles on zive.aktuality.sk, see sources at the end of the article)

State's options are: Attacker's options, if the ransom is paid, are:

Possible State Responses in a Ransomware Attack

State Systems Status Impossibility of Tendering System Recovery

Probability of System Backup Availability

Attacker's Motives

The most likely reasons for an attacker to use a ransomware attack:

Without further information, the motives of the attacker remain rather unclear. Therefore, the motives mentioned above should be considered speculative.

Economic Impacts of the Downtime of the Cadastral Portal

The Cadastral Portal ensures the registration of real estate, records of their owners, and details of ownership (e.g., lien rights, seals, reasons for property ownership).

The data of property owners is public. Therefore, the most significant financial impact does not lie in the leakage of sensitive data but in the non-functionality of this public real estate register.

The Cadastral Portal is a critical component of public administration. The importance of the Cadastral Portal is typically underestimated as long as the service is operational.

Economic impacts of the portal depend on how long this system will be non-functional.

Potential Impacts

Most Affected Sectors

Possibilities of Cascading Effects

Statistical Data on Slovakia's Economy

Summary of Economic Impacts

Possible Media Reactions of Public Officials

Impacts of Media Reactions

Assumptions for Creating This Case Study

This case study draws from the basic principles of ransomware attacks targeting commercial enterprises and government agencies. It also utilizes available information such as:

Similar conclusions to those in this study can be drawn by most IT professionals. However, this study stands out as the first to provide a more comprehensive perspective on the situation from the viewpoint of an IT consultant as early as January 10, 2025. Additionally, it explains the topic in plain language.

Conclusion of the Case Study

Slovakia is currently facing one of the most serious crises of the state, significantly affecting the national economy.

Author:

Ing. Robert Durec,
IT Consultant, Data Architect, and Editor-in-Chief at BlueNumbers.com and BlueNumbers.sk
Created on: January 10, 2025
Last edit: January 11, 2025

Sources:

Links to the Cadastral Portal

Articles about the non-functionality of the Cadastral Portal
(Original messages and their translations are part of the Press Release Archive on this page)
2025-01-06
The Geodetic Portal https://www.skgeodesy.sk/ announces for the first time a major system outage
https://www.skgeodesy.sk/sk/
2025-01-08:
Press release from the Ministry of Interior
https://www.minv.sk/?tlacove-spravy-8&sprava=katastralne-odbory-okresnych-uradov-az-do-odstranenia-nasledkov-kybernetickeho-utoku-nebudu-poskytovat-sluzby-pripadom-sa-zaobera-policia

Other articles:

Press Release Archive (translated into English)

The Press Release Archive includes original Slovak announcements along with their English translations from official websites:

Screenshot of the website skgeodesy.sk with news from 2025-01-06 to 2025-01-08

Message about Ransomware Attack on SKGeodesy.sk

2025-01-06, SKGeodesy.sk Slovak original announcement

Vážení používatelia informačných systémov a elektronických služieb ÚGKK SR, 

informujeme Vás o rozsiahlom technickom výpadku všetkých systémov a služieb, ktoré spravuje ÚGKK SR.
Tento technický výpadok dočasne spôsobil obmedzenie prístupu ku všetkým našim elektronickým službám a informačným systémom. V súčasnosti prebieha intenzívna analýza tohto technického výpadku a následné zabezpečovacie opatrenia.
Náš tím odborníkov intenzívne pracuje na obnovení plnej funkčnosti informačných systémov a elektronických služieb.
Prosíme o trpezlivosť a pochopenie, kým tento technický výpadok plne nevyriešime. O ďalšom vývoji vzniknutej situácie Vás budeme priebežne informovať prostredníctvom našej webovej stránky a ďalších komunikačných kanálov.

Ďakujeme za Vašu dôveru a pochopenie.

Úrad geodézie, kartografie a katastra SR

2025-01-07, SKGeodesy.sk Slovak original announcement

Úrad geodézie, kartografie a katastra SR oznamuje, že katastrálne odbory okresných úradov budú dňa 08.01.2025 zatvorené a nebudú poskytovať žiadne služby. Existuje predpoklad, že dňa 09.01.2025 bude fungovať režim na katastrálnych odboroch okresných úradov s obmedzenými možnosťami. O ďalšom vývoji situácie Vás budeme informovať. Odporúčame naďalej sledovať webovú stránku Úradu geodézie, kartografie a katastra SR.
 
Za porozumenie ďakujeme.

2025-01-08, SKGeodesy.sk Slovak original announcement

Systémy ÚGKK SR sa stali cieľom kybernetického útoku.
Všetky systémy sú odstavené.
Na sfunkčnení systémov intenzívne pracujeme s podporou expertov na kybernetickú bezpečnosť.
Pracoviská katastrálnych odborov okresných úradov budú preventívne až do odstránenia dôsledkov kybernetického útoku dočasne uzatvorené.

2025-01-06, SKGeodesy.sk English translation of Official Announcement

Dear users of the information systems and electronic services of the Geodesy, Cartography, and Cadastre Authority of the Slovak Republic (ÚGKK SR),

We would like to inform you about a major technical outage affecting all systems and services managed by ÚGKK SR.

This technical outage has temporarily restricted access to all of our electronic services and information systems. Currently, an intensive analysis of this technical outage is underway, along with subsequent security measures.

Our team of experts is working diligently to restore the full functionality of the information systems and electronic services.

We kindly ask for your patience and understanding while we fully resolve this technical issue. Updates on the situation will be provided via our website and other communication channels.

Thank you for your trust and understanding.

The Geodesy, Cartography, and Cadastre Authority of the Slovak Republic

2025-01-07, SKGeodesy.sk English translation of Official Announcement

The Geodesy, Cartography, and Cadastre Authority of the Slovak Republic announces that the cadastral departments of district offices will be closed on 08 January 2025 and will not provide any services.

It is expected that on 09 January 2025, the cadastral departments of district offices will operate with limited capacity. Updates on the situation will be provided as they become available.

We recommend continuing to monitor the website of the Geodesy, Cartography, and Cadastre Authority of the Slovak Republic.

Thank you for your understanding.

2025-01-08, SKGeodesy.sk English translation of Official Announcement

The systems of ÚGKK SR have been targeted by a cyberattack.

All systems have been shut down.

We are working intensively on restoring the systems with the support of cybersecurity experts.

The offices of cadastral departments at district offices will be temporarily closed as a precaution until the consequences of the cyberattack are resolved.


2025-01-08 Ministry of Interior of Slovakia official press release in Slovak (minv.sk)

Zdroj: https://www.minv.sk/?tlacove-spravy-8&sprava=katastralne-odbory-okresnych-uradov-az-do-odstranenia-nasledkov-kybernetickeho-utoku-nebudu-poskytovat-sluzby-pripadom-sa-zaobera-policia

Screenshot of the website minv.sk with press release about cyberattack from 2025-01-08
Ministry of Interior first official message about
        Ransomware attack

Katastrálne odbory okresných úradov až do odstránenia následkov kybernetického útoku nebudú poskytovať služby, prípadom sa zaoberá polícia
08. 01. 2025

Informačný systém Úradu geodézie, kartografie a katastra SR, ktorý využívajú katastrálne odbory okresných úradov, bol zasiahnutý rozsiahlym kybernetickým útokom zo zahraničia. Pracoviská katastrálnych odborov budú preto preventívne až do odstránenia dôsledkov kybernetického útoku dočasne uzatvorené.

Katastrálne odbory na okresných úradoch sú odborne a metodicky riadené ÚGKK SR a pri poskytovaní služieb využívajú informačné systémy ÚGKK SR, ktorý ako správca systému informuje o aktuálnom vývoji situácie (Link to https://www.skgeodesy.sk/sk/).

Prípadom sa zaoberá Úrad boja proti organizovanej kriminalite. Presnú kvalifikáciu skutku bude možné ustáliť až na základe vykonaných procesných úkonov. Bližšie informácie Policajný zbor poskytne ihneď, ako to procesná situácia dovolí.

2025-01-08 English Translation of Press Release from Ministry of Interior of Slovakia about ransomware attack

Cadastral Departments of District Offices Will Not Provide Services Until the Consequences of the Cyberattack Are Resolved, The Case Is Being Investigated by the Police

08 January 2025

The information system of the Geodesy, Cartography, and Cadastre Authority of the Slovak Republic (ÚGKK SR), used by the cadastral departments of district offices, has been affected by a large-scale cyberattack from abroad. As a preventive measure, the offices of the cadastral departments will remain temporarily closed until the consequences of the cyberattack are resolved.

The cadastral departments at the district offices are professionally and methodologically managed by ÚGKK SR and utilize the information systems of ÚGKK SR in providing services. As the system administrator, ÚGKK SR will inform about the current situation developments (Contains link to https://www.skgeodesy.sk/sk/).

The case is being handled by the Office for the Fight against Organized Crime. The exact classification of the crime will be determined only after the necessary procedural actions are carried out. The Police will provide further information as soon as the procedural situation allows.

Back to HomePage


BlueNumbers Logo