The Dutch Research Council (NWO) confirmed that the recent attack in cyberspace, which forced it to put them offline servers and stop various jobs, was one ransomware attack. It seems that behind this attack are the hackers of the DoppelPaymer gang.
The attackers gained access to the NWO network on February 8 and stole internally documents. They then threatened the Council that they would publish these documents if they did not receive the money they requested.
The Dutch Research Council did not pay them DoppelPaymer hackers ransomware
The NWO did not cooperate with them hackers and so they posted some documents on their leak site to show that they really have it in their hands data. This tactic is now very common for ransomware gangs. Their purpose is to put more pressure on the victims to pay the ransom.
The Dutch Research Council is the main body that funds researchers from universities and institutes in the Netherlands, with annual investments of up to one billion euros.
The agency had announced the infringement of its systems on 14 February, without providing details of the incident. He had focused mainly on the impact that the issue of security had on his activities.
On Wednesday, the DoppelPaymer ransomware gang leaked several of the stolen items archives to show that he has more data which have not yet been revealed and to state that it is still open to negotiations.
The Dutch Research Council said the day before yesterday that the files stolen by hackers include information about its employees. However, this does not change his decision not to pay the criminals.
The organization is trying to fully restore its systems. Work is expected to continue in a few weeks.
It is said that the ransomware attack affected network disks with data used by the NWO, the NWO-I office, the National Governing Body for Practice-oriented Research SIA, and the Netherlands Initiative for Education Research (NRO).
Other organizations that use the same network servers are NRO Steering Body, SIA Steering Body, TKI-HTSM, TKI Chemie, European Polar Board and LNVH.
Source: Bleeping Computer