Dutch companies also targeted in large ransomware attack
Dutch companies were also hit by a Russian hacker group, security researcher Mark Loman from Sophos said, according to NOS. More than 200 companies worldwide fell victim to the ransomware attacks, the news agency Bloomberg reported based on information from the cybersecurity company Huntress Labs.
At least two Dutch companies in Amsterdam and Hellevoetsluis were also targeted. Despite the hackers successfully attacking the companies, their files were saved thanks to anti-ransomware software.
The attack likely started at the IT software management provider Kaseya. The National Cyber Security Center (NCSC) in The Hague called on companies to disable the VSA product. Kaseya is widely used by management parties that provide ICT support to other companies.
“This is one of the most broadly impactful, non-nation state executed attacks we have ever seen and it appears purely designed to extract money,” Anders Howard, CEO of the Switzerland-based provider of managed cybersecurity services Kudelski Security, said to Bloomberg. The ransom demanded from some companies reached up to 5 million euros.
It appears that the hackers claimed to provide a rogue update to VSA that allowed them to gain access to sensitive information once installed. An attack on the port of Rotterdam in 2017 occurred under similar circumstances.
It is unclear whether a recent breach of the server of the University of Leiden was also part of the large-scale hack. A few days prior, the Dutch university had fallen victim to Russian hackers who sold or passed on information to the Iranian hacker group Irvin Club Hackers. The cybercriminals acquired addresses and personal information from employees of the university. According to a spokesperson, the server was used by researchers to work together. In exchange for the details, the hackers demanded 16 bitcoins, worth roughly 450 thousand euros. The university said they are not willing to pay.