NWO extorted by known cybercriminals, does not go into demands

The servers of the Dutch Organisation for Scientific Research (NWO) have been hacked by DoppelPaymer. This group of criminals is engaged in ransomware: taking hostage or encrypting computer systems that are released again in exchange for ransom.

The NWO reports in a statement to DeccEit that the criminals had access to the organizations network on 8 February. Halfway through this month, the NWO announced that a hack had taken place, but whoever was behind it remained secret.

The NWO does not disclose how much ransom has been requested, but according to the statement, there is no cooperation. NWO, as part of the Dutch National Government, does not respond to the demands of criminals on principle grounds. DoppelPaymer therefore started leaking internal NWO documents from recent years on the dark web on February 24.

Information employees public

With this, the NWO confirms earlier reports of the Volkskrant today. According to the Institute of Science, it is inevitable that employee data will be made publicly available digitally by cybercriminals. Although this is deeply regretted, the NWO nevertheless says that it does not change the choice not to respond to the requirements of DoppelPaymer.

This will imply that stolen files may soon be published again, stated in the statement. The NWO says it is busy to restore the network on its own. It is expected that the network will be usable again in a few weeks and will be fully operational in the following weeks.

Ransomware group

The NWO invests almost 1 billion euros in scientific research every year and is therefore the most important financier in the Netherlands. DoppelPaymer is a ransomware group that often targeting large companies and organizations. For example, car manufacturers Kia and Hyundai were reportedly targeted recently. Last year, tech production company Foxconn and a hospital in Düsseldorf were extorted.