The Netherlands Organization for Scientific Research (NWO) published an update today, informing the world that while they are slowly getting back on track, the agency is still recovering from last month’s ransomware attack. The current status is that emails and telephones are up again, although not all lines have been set up yet. What still requires manual labor is work on documents, scheduling, adjusting the official guidelines, and reviewing the applications for scientific grants.
These applications will inevitably experience delays, so all timelines and the corresponding deadlines will be adjusted as required. Also, NWO states that most of the information that was encrypted during the February 08, 2021 ransomware attack has been recovered, but some key parts are still missing. Messages sent to NWO between February 6 and March 7, 2021, haven’t been recovered yet, and some of the information from the week prior to February 13 has also been lost. Unfortunately, there’s a good chance that this data won’t be possible to recover.
NWO's measures now include the implementation of a sophisticated virus scanner, a new spam filter, and the adoption of multi-factor authentication for all users of the servers. NWO is rolling out these additional security measures with the help of external IT specialists, and according to the spokeswoman who shared a comment with a local media outlet, the agency was actually already planning this work, but the hackers attacked in the meantime.
According to what we were able to find with the help of KELA, the cyber-intelligence experts, the ransomware gang that hit NWO was DoppelPaymer, and the actors have already leaked a dozen files stolen from the servers of the Dutch research council.
Agencies using the same network include the National Governing Body for Practice-oriented Research SIA, and the Netherlands Initiative for Education Research (NRO), the NRO Steering Body, the SIA Steering Body, TKI-HTSM, TKI Chemie, the European Polar Board, and the LNVH.