Dutch NCSC Issues Warning After Thousands of Companies Affected by Ransomware Attacks

While ransomware attacks are already on a rise, the Dutch NCSC have also warned companies of these attacks. As elaborated, at least 1800 firms globally have fallen victim to ransomware.

Dutch NCSC Warns Ransomware Attack

In a recent advisory, the Dutch National Cyber Security Centre (NCSC) has highlighted the growing incidents of ransomware attacks on various firms around the world. As revealed, at least 1,800 companies in the world have suffered these attacks.

Although this number includes only a small number of Dutch firms, NCSC fears that these attacks still pose a significant threat. Moreover, they also suspect the actual figures to be greater than estimated.

Specifically, they noticed that the attackers usually targeted large firms boasting sales in millions or even billions. Nonetheless, they do not target a specific niche, rather aim at industries from various sectors. Their victims include companies from automotive, construction and chemicals, and chain stores to hospitals and entertainment as well.

According to an NCSC spokesperson, they delved into the matter after noticing ‘disruptive attacks abroad’, including a victim firm collaborating with the Netherlands. It was an American Chemical Company supplying drinking water, energy, and internet access.

They also found three common types of ransomware MegaCortex, LockerGoga, and Ryuk, to have shared digital infrastructure.

Poor Cybersecurity A Prime Triggering Factor for Ransomware Attacks

According to Frank Groenewegen, security expert at Fox-IT [translated],

In terms of level, they are comparable to drug criminals who have their own rocket launchers. By the way, they don’t need those digital rocket launchers in many cases, because the security of many companies is so poor.

The Dutch NCSC has elaborated that the attackers behind the ransomware probably have access to zero-day bugs. Consequently, the attackers exploit these vulnerabilities to affect various firms.

The ransomware even stays silently in the target company’s network until the firm notices its presence or until the attackers activate the ‘hostage software’. In the latter case, the companies are left with no option but to pay the asked ransom.

While NCSC hasn’t mentioned any specific attacker, they suspect that the attacks may continue in a chain-like manner, where a previous attacker may sell the ‘accesses’ to another one.

According to John Fokker from McAfee,

You see that more often because cracking a network and subsequently distributing ransomware are really two different sports.

NCSC has urged companies to stay vigilant. Not only should they implement appropriate security measures, but should also maintain backup of all data to prevent losses in such events.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients