The text on this page was automatically translated and hence may differ from the original. No rights can be derived from this translation.
Ransomware is seen as a major and growing problem and is even considered a risk to national security. In a ransomware attack, the attacker infiltrates the victim's IT systems to deny them access to the system or files. Often, the files are also encrypted, and nowadays, (sensitive) data is often stolen as well. Victims are only able to regain access to their own files by paying ransom to the cybercriminals. The cybercriminals often pressure the victims by threatening to leak the data, in an attempt to maximise the ransom they can receive.
At present, there is no complete picture of ransomware attacks on institutions and businesses in the Netherlands and the resulting damage. This lack of insight into the extent and nature of the phenomenon hinders an effective approach to ransomware. Therefore, Dialogic has investigated, on behalf of the WODC, what can be said based on existing data sources about ransomware attacks on institutions and businesses in the Netherlands in 2020, 2021, and 2022. This research analysed various data sources, including virus scan providers, incident response companies, cybersecurity insurers, police reports, and websites of ransomware groups. While these sources do not provide a clear picture as needed, collectively they do offer insights that can lead to a more effective approach:
- Email (phishing) is the most common method used to infiltrate the IT systems of victims.
- Ransomware groups most frequently publish attacks on American organisations on their websites. The Netherlands ranks 12th on this list.
- Companies in the industrial and financial sectors are most commonly targeted worldwide. However, there was a doubling of attacks on companies in the ICT sector in 2021.
- Ransomware attacks most often occur at larger companies with a lot of personal data.
- Victims are less likely to pay ransom. However, the average ransom amount paid has increased.
- In many cases, the demanded ransom amount is higher than the financial damage ultimately suffered.
For a reliable and clear picture, the researchers recommend establishing a central point where different government organisations (who often currently hold a piece of the puzzle) can share data with each other. It is also important to explore under what conditions commercial parties like insurers, virus scan providers, and incident response companies would be willing to share data. Lastly, increasing the willingness of ransomware victims to report incidents is crucial. Reports to the police contain valuable information about the characteristics of the victim and the attack, which can then be used in the detection and prosecution of cybercriminals.