Massive cyberattack on the Justice Ministry's registries: which registries are down and when will they be restored?

A large-scale cyberattack on the Ministry of Justice registries: which registries stopped functioning and when will they be restored

On the evening of December 19, access to some registries, available through the "Dія" app, was temporarily lost. Additionally, the website of the Ministry of Justice of Ukraine was also down. The agency posted a message about a significant malfunction on its Facebook page.

"We understand how important it is for each of you to have access to state registries and services, and we sincerely apologize for the temporary inconvenience. Unfortunately, we faced a serious issue – a large-scale failure at the level of the network infrastructure servicing the registries," the statement read.

Moreover, the "Dія" website indicated that some services were temporarily unavailable due to updates of the state registries.

At the same time, Russian hackers claimed online that they had breached Ukrainian registries and allegedly stole a large amount of data. They published a list of registries that they claimed had been compromised and began releasing screenshots and fragments of information. The list included EGRPOU, the civil status acts registry, the property rights registry, the notarial actions registry, and dozens of others.

The following services on the "Dія" portal and app ceased functioning:

• registration, amendments, closure of individual entrepreneurs;
• extract from the EGR;
• registration of LLCs;
• transition of LLCs to the model charter;
• construction services;
  employee reservations;
  
• re-registration of vehicles;
• online marriage;
• recording acts;
• registration of property ownership;
• information certificate from the DRRP;
• loans for internally displaced persons;
• assistance for persons with disabilities from childhood and children with disabilities;
• support for caring for a sick child;
• assistance in adopting a child;
• support for a child of a single mother or father;
• the "eOselya" program;
• reports of damaged/destroyed property;
• "eRecovery";
• "eRecovery" for businesses;
• reports on repair works;
• booking by certificate;
• international loss registry;
• marriage application;
• extractions and reissuance of certificates from the DRAC.

The "Dія" team noted that the platform does not store users' personal data but only displays information from the registries.

The large-scale failure also affected the "Reserve+" application, making it temporarily impossible to log in and use its features.

Driver databases
The databases for drivers and vehicle owners were also impacted. The Main Service Center of the Ministry of Internal Affairs reported the suspension of certain registration services. In particular, actions related to the change of vehicle ownership could not be performed:

• under a sales agreement;
• under a donation, exchange, or inheritance agreement;
• under a leasing agreement or stock exchange agreement.

Only the following services are available:

• initial registration of vehicles;
• replacement, reservation, extension of license plate storage;
• examination services;
• replacement and restoration of driver's licenses.

Large-scale cyberattack
Late on December 19, Deputy Prime Minister of Ukraine Olha Stefanishyna announced that the country had suffered the largest external cyberattack on state registries.

"Today, the largest external cyberattack on Ukraine's state registries in recent times occurred," she stated.

According to Stefanishyna, the attack was carried out by Russian hackers with the aim of disrupting critically important infrastructure.

Specialists are working to restore the registries. The following will be restored first:

• the civil status acts registry;
• the Unified State Registry of Legal Entities and Individual Entrepreneurs;
• the property rights registry.

Counteracting the cyberattack

The Security Service of Ukraine stated that the attack was carried out by hackers from the Russian GRU. The so-called head of the Cybersecurity Department of the SBU, Volodymyr Karastelyev, noted that all consequences of the attack will be eliminated.

Stefanishyna assured that no data was compromised, but the restoration of the registries' functionality may take up to two weeks.

tsn