Ransomware is the terror of every business. Criminals use it to penetrate systems and then "hold" all files hostage. They only release them when a ransom is paid. Scientific research by Tom Meurs (cyber specialist East Netherlands Unit) shows that half of the police interventions are effective. He received his doctorate on Friday, Jan. 24, from the University of Twente on the subject of ransomware. How do the police tackle this form of crime?
Once companies or organizations are victims of ransomware, they have their backs against the wall. If they don't pay up, their IT infrastructure is completely crippled or the criminals publish sensitive data on a public website. These types of attacks can disrupt society, think of targets such as ministries, hospitals or drinking water supplies.
So there is a lot at stake to protect companies and organizations from ransomware. To that end, the Public Prosecutor's Office (OM), the police, the National Cyber Security Center (NCSC), Cyberveilig Nederland and various private parties from the cybersecurity sector signed the 'Melissa' covenant in 2023. Project Melissa is a partnership between these public and private parties to combat ransomware attacks. They exchange information with each other on a structural basis and share and discuss frequent current developments. The common goal is to make the Netherlands an unattractive target for ransomware criminals. The intensive cooperation has already led to several successful operations in which encrypted data of victims could be released again.
Investigative agencies and partners are also joining forces internationally. Within Operation Endgame 2024, more than 14 countries and partners worldwide dismantled multiple botnets, which had a key role in international cybercrime. Cyptoval currency exchange services that facilitated many different money flows, such as ransomware, were taken offline and cryptocurrencies worth 7 million euros were seized. With the simultaneous downing of these major botnets, the supply line of cybercrime victims has been thoroughly disrupted and for an extended period of time.
Thanks to the close cooperation of multiple parties, for the first time, cybercriminal leaders received sanctions. The assets in the EU of these individuals were frozen, entry into the EU is no longer possible for them and entering into transactions was prohibited. The purpose of these measures is to deter and counter cybercrime, both towards individuals and clients. With these sanctions, we are also sending a signal to states that harbor cybercriminals, allowing them to go about their business unconcerned.
In the fight against ransomware, filing a report is crucial because the technical data from the report provides very valuable information. The police, thanks to a report, sometimes obtain missing information to unlock the system in order to regain access to systems and files. It also helps in finding suspects. Arrests were made in several cases where information from a police report was very important.
There is no panacea yet to stop ransomware, despite the fact that many interventions have a great impact. Meurs' doctoral research shows that the combination of various interventions is particularly effective. These include sanctions against criminals, providing decryptors (tools to get files back without paying), arrests, freezing crypto currencies and taking down leakage servers, which allow sensitive information to be published publicly.
It is a constant puzzle to see which interventions work well when and when not. Through intensive collaboration and a strategic (inter)national approach, measures can be increasingly fine-tuned to make ransomware less attractive to criminals.
Companies with more than 250 employees have a 1.3 percent annual chance of being directly affected and pay the highest amounts, Meurs' research shows. Smaller companies (fewer than 50 employees) report fewer incidents, but that is partly due to a low willingness to report. Many SMEs lag behind in terms of cyber resilience. The police are looking with several parties at the possibility of setting up a counter to make SMEs more aware of the risks, preventive measures and the importance of reporting.