Dutch cybersecurity experts warning companies about global ransomware attack
Dutch cybersecurity companies have issued warnings to thousands of companies about a global ransomware attack. The attackers, known as the Cactus Gang, are from Eastern Europe and have been active since the end of last year.
The gang penetrated the companies' networks because the companies used a Qlik Sense server. The Dutch experts said they discovered that many of these servers are vulnerable to ransomware attacks. The experts work for Delft security company Fox-IT, Northwave from Utrecht, Responders from Amsterdam, and ESET from Sliedrecht.
The cybercriminals managed to penetrate the security systems of 122 companies, and at least 10 of those are in the Netherlands. The security experts exchanged information regarding the matter, and discovered that victims were being attacked in the same way every time. The four companies shared their findings with the Dutch authorities.
There are around 5,200 Qlik Sense servers in use worldwide, of which around 3,100 are vulnerable. The Dutch security organizations stated that "the cooperation has potentially helped prevent a maximum of 3,100 victims of the Cactus Gang."
Only recently have police, prosecutors, and the security sector started sharing information about ransomware attacks. This was the reason that the cooperation project, Melissa, was started last year. Since then, several operations against cyber criminals have been successfully completed. "The mutual confidence has grown strongly because of this," security expert Willem Zeeman from Fox-IT said.
The Digital Trust Center (DTC), which is a part of the Ministry of Economic Affairs, alerted the Dutch companies so that they could take protective measures. The Dutch Institute for Vulnerability Disclosure (DIVD) informed foreign cyber organizations, including the American Cybersecurity & Infrastructure Security Agency (CISA) and the FBI.
Many Dutch companies and institutions were rattled by ransomware attacks over the last few years. The victims included Dutch football association KNVB, the VDL Group, Maastricht University, Hof van Twente, RTL Nederland, the Dutch Organization for Scientific Research (NWO), and Mediamarkt.
A ransom was demanded in most cases. The Digital Trust Center warned over 140,000 Dutch companies of specific cyber threats last year.
Reporting by ANP
