The recent cyberattack that forced the Dutch Research Council (NWO) to take its servers offline and suspend grant allocation processes was caused by the DoppelPaymer ransomware gang.
The hackers gained access to NWO’s network on February 8 and stole internal documents, threatening to leak them unless the organization paid a ransom.
No dime for DoppelPaymer
Since NWO doesn’t cooperate with cybercriminals, DoppelPaymer published proof of the stolen internal data on their leak site. This tactic is common among ransomware gangs, and the aim is to pressure victims into paying the ransom.
NWO is the main body that funds researchers at universities and institutes in the Netherlands, making annual investments of as much as one billion euros.
The organization announced on February 14 that its network had been hacked, without providing details about the incident, only about the impact it has on its activity.
On Wednesday, the DoppelPaymer ransomware gang leaked a dozen files stolen from NWO’s servers to show that they have a larger cache and are still open to negotiations.
[Although the ransomware gang call themselves Dopple, the media refers to this actor as Doppel because of the extension “doppeled” they append to the encrypted files on a victim’s system]
In an update on the incident yesterday, the organization says that the hackers have internal NWO documents from the past years that include details about its employees. This doesn’t change its decision not to pay the hackers.
NWO is currently working on restoring the network, which indicates that systems have been encrypted, as is typical of most ransomware actors. Operations are expected to resume in a few weeks.
A FAQ from the organization states that the cyberattack impacted network disks with data processed by NWO, the NWO-I office, the National Governing Body for Practice-oriented Research SIA, and the Netherlands Initiative for Education Research (NRO).
Other organizations using the same network servers, namely the NRO Steering Body, SIA Steering Body, TKI-HTSM, TKI Chemie, European Polar Board, and the LNVH, have also been affected.
The UK Research and Innovation (UKRI) agency, which has the same mission as NWO, was also hit by a ransomware attack in January that encrypted data and affected some of its services.
While NWO still has some work to do to restore services and operations, UKRI announced that it restored services provided by its UK Research Office (UKRO) based in Brussels. Users must reset their passwords at login.