The Dutch Organization for Scientific Research (NWO) was recently subjected to a ransomware attack where hackers published a database of internal records of the organization.

After the organization denied compensation with the hackers’ demands for resources, the hackers decided to disclose the internal records of the organization.

The ransomware attack has not only rendered NWO’s grant application and assessment processes unavailing but has also isolated the organization’s communication practices with the grantees, applicants as well as universities.

Not heeding the hackers’ ransom demands:

The increasing number of cyberattacks and ransomware attacks has left many officials, non-official, government, private, large scale, as well as small scale organizations wary of the intensity of their implication on a cybersecurity aspect. Hence, in most ransomware attack scenarios, agencies and organizations tend to just pay up the ransom to meet the demand of the hackers or bad actors.  

However, in NWO’s case, the organization refuses to do so. 

According to NWO’s statement on the ransomware attack, the organization remains unwavering from its fundamental grounds of being “part of the Dutch official institutes” and will not pay the ransom.

“Although NWO highly regrets the unfortunate incident of sensitive personnel documents being exposed, NWO will not alter its position.” reports the agency.

NWO also remarked that additional hijacked records might wind up being published.

Impacts of the recent ransomware attack:

As Netherland’s major funding agency, NWO garners a total budget of more than €1 billion. This makes it essential for the organization to communicate with a number of grantees and funders.

After reporting the ransomware attack on February 14, NWO communication services have seemingly been largely impacted by the attack.

According to reports, the organization is not able to utilize telephone lines, emails, and other relative applications. The affiliated organizations of NWO, including the Netherlands Initiative for Education Research as well as the European Polar Board, have also been unable to make use of these services.

Multiple gatherings and meetings have been temporarily terminated by NWO, at least till March 15. Inability to pay or receive bills has also impacted the payment procedures of the agency.

NWO has recommended that the applicants and grantees convey their shortcomings and questions via their official website since the website was not impacted by the ransomware attack.

Also read,

The grant application structure of NWO is operated on an external server is evidently unaffected. Since investigations are still underway, the servers have been taken down on a temporary basis as a precautionary measure. 

New grant cycles have been adjourned and the survey procedures for the existing ones are suspended. 

NWO reports coordinating with cybersecurity experts and organizations to renew their systems yet the required time is unclear.

NWO is still attempting to investigate whether confidential grant applications and reviews have been stolen or not.

DoppelPaymer ransomware suspected:

After recent warnings issued by the FBI against the NWO suspects that the ransomware attack was committed using the DoppelPaymer ransomware which had emerged back in 2019.