Croatian Research Institute Confirms Ransomware Attack Exploiting ToolShell Vulnerabilities

The Ruđer Bošković Institute (RBI), the largest Croatian science and technology research institute, confirmed it was among “at least 9,000 institutions worldwide” targeted by ransomware attacks exploiting Microsoft SharePoint “ToolShell” vulnerabilities on Thursday, July 31, 2025. The attack compromised parts of the network related to the Institute’s administrative and professional services, resulting in the encryption of critical documents and databases. The Institute announced it would not pay the ransom and would instead respond to the incident through established professional and security protocols, focusing on careful upgrades and data restoration from backups. Previous reports indicated that the ToolShell vulnerabilities had been used to deploy Warlock and 4L4MD4R ransomware.

Remediation efforts are currently underway, with the IT network being gradually restored. The Institute’s email system was successfully brought back online last Friday. Additionally, the Institute is working on developing a new IT infrastructure that adheres to the latest cybersecurity standards. A forensic analysis of the incident is ongoing, supported by the Ministry of the Interior, the national CERT, and other Croatian cybersecurity institutions. The Croatian Personal Data Protection Agency has been notified, although it remains unclear if personal data was accessed. If it is determined that personal data was compromised, the Institute will take timely measures in accordance with the GDPR. As a precaution, the data protection officer informed employees about the potential exfiltration of personal data and advised them to be vigilant against phishing emails impersonating the Institute or relevant authorities.

Categories: Cybersecurity Incident, Ransomware Attack, Data Protection Measures

Tags: Ruđer Bošković Institute, Ransomware, Microsoft SharePoint, ToolShell, Cybersecurity, Data Protection, Forensic Analysis, Incident Response, GDPR, Phishing Emails

Croatian Research Institute Confirms Ransomware Attack Exploiting ToolShell Vulnerabilities

KillChainGraph: Researchers evaluate a machine learning framework designed to map attacker behavior to enhance SEO.

Global Brute-Force Attacks Target Fortinet Devices

Implications of GPT-5 for IT Teams, Developers, and the Future of AI in the Workplace

AI in the Security Operations Center: Revolutionary Innovation or Just More Noise?

How Military Leadership Equips Veterans for Success in Cybersecurity

WinRAR Zero-Day Vulnerability Exploited by RomCom Hackers in Targeted Cyber Attacks

Leave a Reply Cancel reply

Similar Posts

Leave a Reply Cancel reply