Fewer Dutch businesses struck by ransomware attacks in 2024

Because hackers and cybercriminals made little to no changes to their tactics, techniques, and procedures (TTPs), fewer businesses and organizations in the Netherlands have become the victims of ransomware attacks.

The National Cyber Security Centre (NCSC), whose task is to monitor cybersecurity incidents at a national level, registered 121 unique incidents last year. Compared to 2023, that’s a slight decrease, when 147 incidents were reported to the NCSC.

According to the latest edition of the Ransomware Review Report, a total of 76 incidents have been reported by companies and organizations directly, 20 incidents were reported by response companies.

In addition, the Digital Trust Centre (DTC) states that ransomware operation Cactus was responsible for ‘a significant number of Dutch victims’. Members of the group managed to compromise corporate networks of unsuspecting businesses and organizations by abusing vulnerabilities in analytics software Qlik Sense.

With 24% of all ransomware attacks, the IT sector was the most affected sector in the Netherlands in 2024. The number of security incidents in this sector increased from 16 to 29. The trade sector (20%) and industry (13%) were also highly affected by ransomware attacks.

Research shows that 38% of unauthorized access attempts succeeded because of a successful phishing attack. Hackers managed to steal login credentials and were able to take full control of an employee’s account. They then can change passwords, perform financial transactions, and copy personal or corporate data.

In 33% of all ransomware incidents, the attacker gained access within the organization by exploiting security holes and vulnerabilities.

Lastly, the Ransomware Review Report states that 29% of all ransomware victims in 2024 paid ransom to remove the malicious software and regain access to its information. Compared to 2023, the willingness to pay ransom has increased by 11%. This is most likely due to the smaller number of victims in 2024 compared to 2023.

According to the NCSC and the Dutch National Police, most of the time unauthorized access can be prevented by simply implementing basic security measures, such as keeping software up-to-date, training employees to be more aware of cybersecurity threats, and properly managing access to data and services.

“Filing a report is crucial if you have become the victim of ransomware attack. Even if criminals have already been paid, this provides the police with important information. A report may contain missing information that the police can use to unlock the system. It also helps to find suspects,” the NCSC and Dutch National Police urge.