Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Incidents

Croatian Institute Hit by Ransomware

August 15, 2025
Reading Time: 3 mins read
in Incidents
Croatian Institute Hit by Ransomware

On Thursday, July 31, 2025, the Ruđer Bošković Institute (RBI), Croatia’s largest science and technology research institute, became one of over 9,000 institutions worldwide to fall victim to a widespread cyberattack. The attack leveraged a set of newly discovered and actively exploited vulnerabilities in Microsoft SharePoint, collectively known as “ToolShell,” to deploy ransomware. This incident affected a portion of the institute’s network that supports its administrative and professional services, resulting in the encryption of numerous documents and databases. The attack highlights the severe risk posed by unpatched vulnerabilities, especially when they are part of a coordinated, global campaign.

In the wake of the attack, the RBI has taken a firm stance, publicly stating it will not pay the ransom demanded by the attackers. Instead, the institute is focusing on a multi-pronged recovery strategy. This includes a full-scale restoration of its encrypted data using secure backups, a process which is currently underway. The institute’s email system, for instance, was brought back online last Friday. This approach aligns with expert advice to not give in to ransomware demands, as paying does not guarantee data recovery and can incentivize future attacks.

Beyond data restoration, the RBI is also undertaking a significant overhaul of its entire IT infrastructure. The institute announced its plan to build a new system that adheres to the latest cybersecurity standards, a move intended to prevent similar incidents in the future. This proactive measure demonstrates a commitment to long-term security and resilience. The incident is also under forensic analysis with the assistance of Croatian authorities, including the Ministry of the Interior and the national CERT, to understand the full scope of the breach and identify the attackers’ methods.

While the primary impact has been on the institute’s administrative functions, a key concern remains the potential exfiltration of personal data. The institute has notified the Croatian Personal Data Protection Agency about the incident. Although it is not yet confirmed whether personal information was accessed, the institute’s data protection officer has proactively warned employees that their personal identification numbers, addresses, and other related data may have been compromised. Employees have been advised to be vigilant against potential phishing attempts that could impersonate the institute or other relevant authorities.

This attack on the RBI is part of a larger trend of cybercriminals exploiting sophisticated vulnerabilities to target high-value institutions. Previous reports indicate that the “ToolShell” vulnerabilities have been used to deploy Warlock and 4L4MD4R ransomware. The scale of the attack—affecting thousands of organizations globally—underscores the urgent need for robust cybersecurity measures and timely application of patches. The RBI’s response, from refusing to pay the ransom to rebuilding its infrastructure, serves as a case study for how institutions can navigate and recover from a major cyber incident.

Reference:

  • Croatian Research Institute Breached via ToolShell Vulnerabilities
Tags: August 2025cyber incidentsCyber Incidents 2025Cyber threats
ADVERTISEMENT

Related Posts

Morrisroe UK Company Hit By Cyber Attack

Boyd Gaming Reports Data Breach After Attack

September 24, 2025
Morrisroe UK Company Hit By Cyber Attack

Morrisroe UK Company Hit By Cyber Attack

September 24, 2025
Morrisroe UK Company Hit By Cyber Attack

GeoServer Flaw Breaches US Agency Network

September 24, 2025
Cyberattack Hits Europe Airport Systems

Cyberattack Hits Europe Airport Systems

September 22, 2025
Cyberattack Hits Europe Airport Systems

Ransomware Gang Hacks Spartanburg County

September 22, 2025
Cyberattack Hits Europe Airport Systems

Steam Game Steals Streamer Donations

September 22, 2025

Latest Alerts

Hackers Target AWS and Steal Credentials

SonicWall SMA100 Update Removes Rootkit

BadIIS Malware Spreads Via SEO Poisoning

SonicWall Warns Reset After Exposure

Infostealer Hits macOS Users Widely

FBI Issues Warning on Spoofed IC3 Website

Subscribe to our newsletter

    Latest Incidents

    Boyd Gaming Reports Data Breach After Attack

    Morrisroe UK Company Hit By Cyber Attack

    GeoServer Flaw Breaches US Agency Network

    Steam Game Steals Streamer Donations

    Ransomware Gang Hacks Spartanburg County

    Cyberattack Hits Europe Airport Systems

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial