Last year, hackers successfully launched 147 ransomware attacks against Dutch companies. Nearly one in five victims (18 percent) paid a ransom to the attackers to regain access to their data. That is probably just the tip of the iceberg. That is according to figures made public this week by the police and security companies, NU.nl writes (1).
Ransomware or hostage software is a form of malware that hackers and cybercriminals use to put corporate data under lock and key. The only way to regain access to this information is with a decryption key. To get it, victims must pay a ransom to the attackers. If they don't, the hackers threaten to make the captured data public. Or resell it on the dark web to the highest bidder.
Besides paying a ransom, there is another way to regain access to the encrypted data: through backup files. This allows affected businesses and organizations to restore their systems and resume business operations as if nothing ever happened. The prerequisite is that the attackers have not infected the backups with the hostage software. In practice, it happens that the backup files are also held hostage.
However, the figures from the police and security services on ransomware attacks in 2023 do not give the full picture. For starters, they deal only with Dutch companies with more than 100 employees. Smaller organizations are left out of consideration, but of course could just as easily be victims of hostage software. Moreover, not all victims report to the police, mostly for fear of reputational damage.
Willem Zeeman, digital forensics researcher at cybersecurity firm Fox-IT, confirms this. He explains that the percentage of victims paying ransom after a cyber attack has dropped sharply in recent years. "Hostage software has become an increasingly well-known phenomenon in recent years. Many large companies now have a good recovery plan," he explains to NU.nl.
IBM's X-Force Threat Intelligence Index 2024 shows a similar picture. The most recent figures show that the number of cyberattacks fell by nearly 12 percent last year. The main reason is that companies and organizations are more often choosing not to pay a ransom. Furthermore, the report shows that one-third of all cyber attacks took place in Europe (2) and three-quarters of all attacks targeted critical infrastructure.
Seaman is also to be commended for taking down LockBit's digital infrastructure (3). The British National Crime Agency (NCA), FBI, Europol and enforcement agencies from the Netherlands, Germany, France, Switzerland, Sweden, Finland, Canada and Japan took offline 34 servers worldwide used by the hacker group for their criminal practices. Thirteen of these were located in Dronten and Naaldwijk. Furthermore, 14,000 fraudulent accounts were closed and 200 crypto wallets were seized. Finally, two suspects were arrested during Operation Cronos.
Despite the success of the international police operation, Seaman is not confident that this is the end of LockBit. "This was a sizeable organization and only two arrests have been made so far. Moreover, we often see this type of hostage software resurfacing later under a different name," the security specialist said. He may just be right about that: a representative of the hacker group hinted that backup files are safe.
(1) https://myprivacy.dpgmedia.nl/consent/?siteKey=ucf98legs1caotgh&callbackUrl=https%3A%2F%2Fwww.nu.nl%2Fprivacy-gate%2Faccept%3FredirectUri%3Dhttps%253A%252F%252Fwww.nu.nl%252Ftech%252F6302490%252Feen-op-de-vijf-nederlandse-bedrijven-betaalt-losgeld-na-aanval-met-gijzelsoftware.html
(2) https://www.vpngids.nl/nieuws/ibm-meeste-cyberaanvallen-gericht-op-europa/
(3) https://www.vpngids.nl/nieuws/handhavingsinstanties-halen-infrastructuur-lockbit-offline/
