Dutch govt. institutions, energy company hit in ransomware attacks

During the first quarter of this year, two Dutch government institutions and a company in the energy sector were infected with ransomware, AD reports based on information obtained from the National Cyber Security Center (NCSC) by appealing to the freedom of information act. Ransomware is a type of malware that blocks access to files on an infected computer. The user can regain access to the files by paying a ransom, usually demanded in bitcoins.

Between January 1st and April 1st of this year, the NCSC registered 116 cyber incidents. Four cases involved ransomware. The NCSC could not say how many attacks were successful or wat the damage was.

On March 10th the NCSC received a notification of a ransomware infection at a company in the energy sector. Ransomware infections at the two government institutions were reported on March 8th and February 17th. The center would not comment on the impact of the infection or whether the ransom was paid.

AD had IT experts analyze the overview received from the NCSC. They concluded that most of the reported cases - 45 of the 116 - involved the "exploitation of a vulnerability". This refers to hackers breaking through a fault in the software. Phishing came in second place, with 17 reports. "That is in principle not something that happens to you, but something in which you actively do something stupid", AD quotes an IT expert. And third place goes to "unauthorized access". This could be the result of an intelligent attack, or simply an easy to guess password.

Over the weekend a worldwide ransomware attack infected at least 200 thousand computers in 150 countries, including the Netherlands. The WannaCry malware infected computers through a months-old vulnerability in Windows software. Microsoft released an update to fix the vulnerability, but all Windows computers that did not have the recent updates installed remained vulnerable.