Ransomware atacks in the Netherlands decline despite global increase

The number of reported ransomware incidents in the Netherlands decreased slightly in 2024, countering the global trend of rising cyber extortion cases. Cybersecurity expert Rosalie Brand described the decline as unexpected in response to the annual 'Jaarbeeld Ransomware' report compiled by Cyberveilig Nederland, law enforcement agencies, and private companies.

According to the report, approximately 120 ransomware incidents were reported to authorities in 2024, a slight drop from the previous year. However, instances of ransom payments increased from 10 to 13. The relatively low numbers make it difficult to determine whether this constitutes a lasting trend, said Brand, a partner at Kennedy Van der Laan, one of the organizations contributing data to the report.

As Dutch organizations improve their backup systems and recovery capabilities, cybercriminals are increasingly shifting their focus from encrypting files to data theft. Attackers now attempt to extort victims by threatening to publish stolen data rather than locking access to systems. This method, known as ‘double extortion,’ has become more prevalent as companies strengthen their resilience against traditional ransomware attacks.

“The landscape is evolving,” Brand said. “Criminals are finding alternative ways to pressure victims into paying, especially by leveraging sensitive data. This shift reflects a broader strategy rather than a decrease in criminal activity.”

The ICT sector was the most frequently targeted industry in 2024, based on reported incidents. In previous years, ransomware attacks were more common in the industrial, commercial, and healthcare sectors. ICT companies are particularly attractive targets because they store and manage data for multiple clients, increasing the potential impact of an attack.

However, Brand warned against drawing definitive conclusions. “It might be coincidental. Cybercriminals tend to target the weakest link—organizations with insufficient cybersecurity measures. They aren’t necessarily choosing high-value targets; they simply exploit vulnerabilities where they find them,” she explained.

While the number of ransomware cases declined, the increase in ransom payments suggests that some organizations still struggle to recover from attacks without paying extortion demands. The decision to pay ransom remains controversial, as it can incentivize further attacks and does not guarantee full data recovery.

The Dutch government and cybersecurity experts strongly advise against paying ransom, urging companies instead to invest in robust cybersecurity measures and incident response planning. Authorities also emphasize the importance of reporting cyber incidents to help assess threats and develop countermeasures.

The Netherlands has taken steps to combat ransomware by strengthening public-private collaboration and investing in cybersecurity initiatives. The National Cyber Security Centre (NCSC) continues to monitor ransomware trends and provide guidance to businesses on improving digital resilience.

Brand stressed the need for vigilance. “Cybersecurity is not static. Companies must continuously assess and upgrade their defenses to stay ahead of threats,” she said.