The servers of the Netherlands Organization for Scientific Research (NWO) have been hacked by DoppelPaymer. This group of criminals is engaged in ransomware: the hijacking or encryption of computer systems that are released in exchange for ransom.
The NWO reports in a statement to the NOS that the criminals gained access to the organization’s network on 8 February. Halfway through this month, the NWO already announced that a hack had taken place, but who was behind it remained a secret.
The NWO does not disclose how much ransom has been requested, but according to the statement, there is no cooperation. “As part of the Dutch national government, NWO does not respond to the demands of criminals on grounds of principle. DoppelPaymer therefore started leaking internal NWO documents from recent years on the dark web on 24 February.”
Employee data public
With this, the NWO confirms earlier reports from de Volkskrant today. According to the scientific institute, it is inevitable that data of employees will be made public digitally by cyber criminals. Although this is seriously regretted, the NWO nevertheless says it will not change the choice not to comply with DoppelPaymer’s requirements.
“This will mean that some more stolen files may soon be made public again,” the statement said. The NWO says it is “busy” restoring the network on its own. It is expected that the network will be usable again in a few weeks and will be fully operational again in the following weeks.
Each year, the NWO invests nearly 1 billion euros in scientific research, making it the most important funder in the Netherlands. DoppelPaymer is a ransomware group that often targets large companies and organizations. For example, car manufacturers Kia and Hyundai were reportedly targeted recently. Last year, tech production company Foxconn and a hospital in Düsseldorf were extorted.