The Ruđer Bošković Institute (RBI) in Zagreb — Croatia’s biggest science and technology research center has confirmed it was one of thousands of organizations worldwide targeted in a massive cyberattack exploiting Microsoft SharePoint’s “ToolShell” security flaws.
The incident occurred on Thursday, July 31, 2025, and resulted in ransomware being installed on parts of the Institute’s internal network. According to RBI’s statement, the affected systems were linked to its administrative and support operations, with attackers encrypting documents and databases to block access.
Refusing to Pay the Hackers
Unlike some victims, RBI has stated it will not pay the ransom. Instead, the Institute plans to follow strict security protocols, restore affected systems from backups, and upgrade its infrastructure to meet modern cybersecurity standards.
Past reports indicate that ToolShell vulnerabilities have been used to spread two strains of ransomware — Warlock and 4L4MD4R but RBI has not yet confirmed which variant hit its systems.
Restoration Underway
Recovery work is ongoing, with some systems already back online. Email services were restored the Friday after the attack, and the Institute is slowly bringing other parts of its network back into operation. A completely new IT system is also being built to i
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: