Prague City Services Hit by Ransomware Attack: Sensitive Data Leaked, Ransom Demanded

Hackers have launched a significant cyberattack against the Prague Services Administration (SSHMP), the organization managing vehicle towing and impound lots in the Czech capital. The attackers aren’t just holding data hostage; they’ve begun leaking stolen information online and are demanding a ransom payment, threatening to release more if their demands aren’t met. The organization is currently operating with limited capacity as the Police and the National Cyber and Information Security Agency (NÚKIB) investigate.

Data Leak Underway: Towed Car Info Exposed

The situation escalated last Friday when, according to reports from iROZHLAS.cz, the hackers started publishing sensitive materials obtained during the breach. The leaked data reportedly includes deeply concerning information such as:

• Details about towed vehicles.
• Names of vehicle owners.
• Vehicle license plates.
• Internal, non-anonymized contracts.
• Lists of the organization’s assets.

The attackers are publicly posting these documents, explicitly stating they were acquired during their attack on SSHMP’s systems.

Ransom Demand and Attacker Claims (Cicada3301)

Security experts have attributed the attack to the Russian-speaking cybercriminal group known as Cicada3301. This group is pushing SSHMP to negotiate a ransom payout. They claim to have exfiltrated a substantial 200 gigabytes of data during the intrusion.

According to cybersecurity company Check Point Software Technologies, the initial breach likely occurred more than a week ago, possibly around April 10th. The attackers have reportedly given SSHMP a 29-day ultimatum (ending in early May) to pay the ransom before they release all the stolen information.

Operational Impact and Official Response

SSHMP has confirmed the cyberattack. While stating that its core mandated activities are continuing, the organization acknowledges significant operational disruptions. “Communication channels are currently partially limited,” SSHMP told iROZHLAS.cz. Official email addresses are down, forcing the administration to use temporary Gmail accounts and two mobile phone numbers for public communication. It remains unclear when their systems might be fully restored.

SSHMP is working closely with the Czech Police and NÚKIB to handle the situation. NÚKIB spokesperson Lenka Soukupová confirmed their involvement, stating, “We are aware of the incident and are addressing it. We cannot comment further on the matter.”

The Bigger Picture: Cyber Threats in the Czech Republic

This attack on SSHMP is not an isolated incident and reflects a broader, concerning trend in cybercrime. Experts at Check Point highlight a tactical shift by attackers away from merely encrypting data towards stealing it for extortion purposes – a tactic known as double extortion. According to Check Point, at least 16 Czech companies were publicly subjected to this kind of extortion last year (2024).

Petr Cícha, a media representative for Check Point, criticized the response of many organizations, stating, “Many organizations do not react adequately and still stick to outdated detection techniques instead of emphasizing prevention.”

The Cicada3301 group itself is known not only for conducting its own attacks but also for operating a Ransomware-as-a-Service (RaaS) model. Check Point noted that last year, the group advertised its ransomware services on hidden Russian-language forums, offering support for attacks in exchange for a 20% cut of any ransom paid.

This attack follows other recent cyber incidents impacting Czech institutions, including the hacking of Prime Minister Petr Fiala’s account on the X network last week and a massive internet attack that disrupted Financial Administration web services last July.

About Prague Services Administration (SSHMP)

The Prague Services Administration (SSHMP) is a contributory organization established by the City of Prague. Its core responsibilities include the management of city-owned properties, operating vehicle towing services, and the administration of impound parking lots throughout the capital city.