147 ransomware attacks on large Dutch companies, institutions last year; 18% paid ransom

Criminal gangs carried out 147 successful ransomware attacks on major Dutch companies and institutions last year. Ransom was paid in 18 percent of the cases. That is evident from figures from the police and security companies.

It is only recently that law enforcement and the security industry have started sharing information about ransomware attacks. The Melissa collaborative project was set up for this purpose last year, in which the Public Prosecution Service, the National Cybersecurity Center, and Cyberveilig Nederland also participate.

The figures only include reports from companies with over 100 employees. According to forensic expert Willem Zeeman of Fox-IT, one of the affiliated security companies, they provide a clear picture of the scale of the attacks for the first time, although the real figures are probably higher. “Not all companies report an attack for fear of reputational damage.”

The figures show that the number of companies willing to pay ransom to cybercriminals is significantly lower than previously thought. In 2019, Coveware, an American company specializing in ransomware cases, estimated that ransom was paid in 85 percent of cases.

Fox-IT expert Zeeman confirms that the percentage has fallen rapidly in recent years. “Ransomware has become an increasingly well-known phenomenon in recent years. Many large companies now have a good recovery plan.” The amount of the ransom paid usually remains secret.

A large number of Dutch companies and institutions have been hit by ransomware attacks in recent years. The victims include the KNVB, the VDL Group, Maastricht University, Hof van Twente, RTL Nederland, the Netherlands Organization for Scientific Research (NWO), and MediaMarkt. In most cases, ransoms were reportedly paid.

This week, the authorities announced that they rounded up the infamous Lockbit gang in an international police operation. An exceptionally clever piece of detective work which dealt a serious blow to cyber criminals, said Zeeman. “But it was a large organization, and only two arrests have been made so far. Moreover, we often see that his type of ransomware later reappears under a different name.”