Dutch Research Council Goes Offline After a Ransomware Attack
The most recent attack was led by the DoppelPaymer ransomware gang.
NWO is the National Research Council of the Netherlands who is in charge of offering funds to thousands of top researchers at Universities and Institutes, thus promoting quality and innovation in science.
They are directing an approximate budget of 1 billion euros towards Dutch Universities and Institutes and also have their own research institutes that facilitate international cooperation.
The hackers from DoppelPaymer gained access to NWO’s (Dutch Research Council) network on February 8th and proceeded to take into their possession sensitive internal documents with the sole purpose of using this data as blackmail material. They wanted to be paid so the sensitive stolen content wouldn’t get published online.
The attack made it impossible for NWO, the NWO-I office, the Regieorgaan SIA and the Regieorgaan NRO to carry out their primary processes – funding for science.
Therefore, all related activities such as opening new calls and assessment processes have been suspended until further notice. Employees of NWO, NWO-I, SIA, NRO, TKI HTSM and LNVH are no longer receiving any emails and all the employees that were involved in this major data breach are being forced to resign from their duties until more is known about their impact upon the cyberattack.
As you maybe already know, NWO does not cooperate with cybercriminals so, for this ransom to be paid, is out of the question.
Therefore, DoppelPaymer started on February 24th to leak internal NWO documents from recent years on the dark web.
‘Although NWO deeply regrets that data of its own employees is now being made public unauthorized, this does not change this choice. This will mean that stolen files may again be made public in the near future.’
According to the official statement released by NWO
The major breach had important consequences when it comes to the funding rounds that NWO was working on. For the time being, they decided to suspend all decision-making processes until the cybersecurity situation will be handled.
Unfortunately, the situation does not seem to have an easy fix, so all the NWO’s efforts are going into securing their data and restoring the network on its own.
As for the people involved at this time in the application or interview process, it is not known if their data has been hacked as well. NWO’s still investigating how deep the attack has been and how many systems were compromised.
We’ll keep you updated as this situation rolls out.