Skip to main content
Netherlands News in English

Main navigation

  • Top stories
  • Health
  • Crime
  • Politics
  • Business
  • Tech
  • Culture
  • Sports
  • Weird
  • 1-1-2
Image
Hacker_-_Hacking_-_Symbol
Cybercrime file image - Credit: Rendering: www.elbpresse.de / Christoph Scholz / Flickr / Wikimedia Commons - License: CC-BY-SA
Crime
Innovation
SamSam
Ransomware
malware
cyber attack
Fox-it
Frank Groenewegen
Tuesday, 4 December 2018 - 15:20

Share this article:

Multiple Dutch companies infected with SamSam ransomware: report

A few dozen Dutch companies have been infected with ransomware SamSam, according to security company Fox-IT. A precise number can not be given because it is unknown how many companies paid the ransom or managed to get rid of the malware themselves, NOS reports.

SamSam uses a configuration error in a company's IT to gain access to its server. If the server is directly connected to the internet and has a weak password, that is relatively easy, according to Fox-IT. The hackers then dive deeper into the systems looking for more administration rights. Ransomware blocks access to an affected computer until the owner pays a ransom.

"They get to know the company in that way. Look at the name and google it", Frank Groenewegen of Fox-IT said to NOS. "They know what kind of people work there and determine on the basis of all that knowledge how much ransom they can demand. What is feasible." According to ANP, ransoms vary from a few thousand euros to tens of thousands of euros, and must be paid in bitcoin.

SamSam has been active world wide for around 18 months and seems to target schools, hospitals and universities. Known cases from the past include a hospital in Los Angeles and the municipality of Atlanta. But according to Groenewegen, the ransomware isn't specifically targeting public facilities. "In the Netherlands it is the other way around: most government organizations don't link the servers directly to the internet. The SamSam makers are looking for companies that are not in order."

The American authorities believe that Iran is behind this ransomware. An American prosecutor indicted two Iranians last week, according to the broadcaster.

More like this

Image
Gurneys in a hospital corridor
Hospital patient data may have leaked in Chipsoft hack, sources say
Image
TU Eindhoven
Hacker had broad access to Eindhoven University's network for days in January
Image
Sunset in Chisinau, Moldova
Man, 45, arrested in Moldova for cyberattacks on Dutch research council
Image
Servers of Russian hosting provider ZServers that were taken down by Amsterdam police on February 12,2025.
Amsterdam police raid office tied to alleged Russian cybercrime outfit ZServers & XHost
Make NL Times your top Google source

Follow us:

Latest stories

  • Consumer prices confirm Dutch inflation rate at 2.9% in June; Fuel price growth slows
  • Zeeland shuts down 20 wind turbines overday after young sea eagle’s death
  • Regulator grants online retailer Bol license to operate as a payment provider
  • Netherlands to end zero-hour work contracts, limit flexible employment with Senate vote
  • Ajax agree €27M deal to sell Sean Steur to Newcastle

Top stories

  • Netherlands to end zero-hour work contracts, limit flexible employment with Senate vote
  • Netherlands recruited 29 top scientist leaving U.S. under Trump
  • Police shoot armed man on Rotterdam street
  • Rotterdam train traffic back to normal after week-long outage
  • New-build home sales in Netherlands fall 19% as market cools

© 2012-2026, NL Times, All rights reserved.

Footer menu

  • Change Privacy Settings
  • Privacy Policy
  • Contact
  • Partner Content