The text on this page was automatically translated and hence may differ from the original. No rights can be derived from this translation.
Ransomware is seen as a major and growing problem and is even considered a risk to national security. During a ransomware attack, the attacker infiltrates the victim's IT systems to deny access to the system or files. Often, the files are also encrypted, and nowadays (sensitive) data is also frequently stolen. Victims are then only able to regain access to their own files by paying a ransom to the cybercriminals. The cybercriminals often put pressure on the victims by threatening to leak the data, hoping to receive as much ransom as possible.
At present, there is no comprehensive overview of ransomware attacks on institutions and businesses in the Netherlands and the resulting damages. This lack of insight into the scale and nature of the phenomenon hinders an effective response to ransomware. Therefore, Dialogic has researched, on behalf of the WODC, what can be said based on existing data sources about ransomware attacks on institutions and businesses in the Netherlands in 2020, 2021, and 2022. Various data sources were analysed in this study, including those from virus scan providers, incident response companies, cybersecurity insurers, police reports, and websites of ransomware groups. These sources do not provide the clear picture needed, but collectively offer insights that could lead to a more effective response:
- Email (phishing) is the most common method used to infiltrate the IT systems of victims.
- Ransomware groups most frequently publish attacks on websites of American organisations. The Netherlands ranks 12th on this list.
- Companies in the industrial and financial sectors are most often targeted globally. However, in 2021, there was a doubling of attacks on companies in the ICT sector.
- Ransomware attacks occur most frequently in larger companies with a lot of personal data.
- Victims are less likely to pay the ransom. However, the average ransom amount paid has increased.
- The demanded ransom amount is often higher than the eventual financial damage suffered.
For a reliable and clear picture, the researchers recommend establishing a central point where various government organisations (who currently each hold part of the puzzle) can share data with each other. It is also necessary to investigate under what conditions commercial parties such as insurers, virus scan providers, and incident response companies are willing to share data. Finally, it is crucial to increase the willingness of ransomware victims to report incidents. Reports to the police contain valuable information about the victim's characteristics and the attack, which can then be used in the detection and prosecution of cybercriminals.