Ruđer Bošković Institute Cybersecurity Incident Update

Aug 21st 2025

The Ruđer Bošković Institute (RBI) was the target of a cyberattack on Thursday, 31 July 2025. This incident was part of a series of global attacks that exploited the ToolShell vulnerabilities in Microsoft SharePoint, affecting at least 9,000 institutions worldwide. Most of the affected data and applications were recovered.

Thanks to robust preventive measures and the dedicated efforts of our IT experts, systems have been successfully restored, including the Institute’s website, email, and the majority of applications used by administrative and professional services. Most affected data and applications were recovered from secure backups and migrated to new, upgraded servers.

Forensic analysis confirmed that the attack was a ransomware incident, limited to the network segment supporting administrative and professional operations. Rapid isolation measures prevented the spread of the attack to other parts of the system. Importantly, no evidence of data exfiltration has been found.

The Institute did not meet the attackers’ ransom demands, as data and services were successfully restored from backups. System recovery was also used as an opportunity to accelerate the modernization of the IT infrastructure, a process that will continue intensively in the coming months in line with recommendations from the national CERT.

Due to the attack, the Institute’s email system remained unavailable until 8 August 2025. Messages sent to RBI addresses between 31 July and 8 August 2025 were not delivered, and we kindly ask senders to resend any emails sent during this period.

The incident has been reported to the Ministry of the Interior (MUP), the national CERT, the Croatian Personal Data Protection Agency (AZOP), and other relevant authorities. As the MUP investigation is ongoing, the Institute cannot disclose further details regarding the attack or those responsible.

The Ruđer Bošković Institute would like to thank its employees, partners, the public, and the media for their understanding and support during this challenging period.
