
Maastricht University Retrieves Ransom Amount Paid in 2019

 

Earlier this month, Maastricht University (UM), a university in the southern Netherlands with more than 22,000 students, revealed that it had retrieved the ransom it paid after a ransomware attack that targeted its network in December 2019.

After a detailed investigation of the incident, Fox-IT researchers attributed the attack to a financially motivated hacker gang tracked as TA505 (or SectorJ04). The hacking group has been active since at least 2014 and has primarily targeted retail and financial organizations. 

The hackers breached the university's systems through phishing e-mails in mid-October and, after moving laterally through the network, installed Clop ransomware payloads on 267 Windows systems on December 23.

After a week, the university decided to accede to the criminal gang's demand and paid a 30 bitcoin ransom (roughly €200,000 at the time) for the ransomware decryptor. This was partly because private data was in danger of being lost and students were unable to take exams or work on their theses, and partly because rebuilding all compromised systems from scratch or creating a decryptor were not viable options.

"It is a decision that was not taken lightly by the Executive Board. But it was also a decision that had to be made," the university explained in a blog post. "We felt, in consultation with our management and our supervisory bodies, that we could not make any other responsible choice when considering the interests of our students and staff."

However, as UM recently revealed, the local police traced and seized a wallet containing the cryptocurrency paid by the university as ransom in 2019.

"The investigation [..] eventually paved the way for the seizure of the cryptocurrency by the Dutch Public Prosecution Service. As early as February 2020, the investigation team froze a so-called wallet containing part of the paid ransom," UM said. "The value of the cryptocurrencies found at that time was €40,000; at the current exchange rate, they are worth approximately €500,000."

Although it might appear that the university made a considerable profit within a relatively short time, the €500,000 seized by the Netherlands' Public Prosecution Service represents significantly less than the damage inflicted during the ransomware attack. The seized funds are now in a bank account under the control of law enforcement agents, and the Ministry of Justice has already initiated legal proceedings to transfer them to the university.

Dutch Police Arrest 2 Men for Stealing and Selling COVID-19 Patient Data

 

On Friday, 22 January, the Dutch police and the Public Prosecution Service received warnings from the GGD that personal details from GGD applications were being offered for sale on Telegram. The Central Netherlands Police Cyber Crime Unit soon launched an investigation, which led the team to two GGD call center workers. Both were tracked down by the police in Amsterdam on Saturday night, where they were detained and taken to jail. The suspects are a 21-year-old man from Heiloo and a 23-year-old man from Alblasserdam. The men's homes have been searched and their computers have been confiscated. "Stealing and selling or reselling personal data is a serious crime," the Dutch police stated.

The two are among a wider number of individuals believed to have had access to classified information and to have sold it to third parties, and further arrests have not been ruled out, police said in a statement. The selling of personal information from health board networks was investigated by broadcaster RTL and was disclosed to the association of GGD health boards earlier this month. RTL states that the data on offer includes not just names, addresses, mobile numbers and confidential BSN numbers, but much more.

The arrests followed an investigation by broadcaster RTL, which uncovered online advertisements for Dutch citizens' information, marketed on instant messaging apps such as Telegram, Snapchat, and Wickr. The advertisements consisted of images of computer screens showing the details of one or more Dutch people. The broadcaster claimed that it had monitored screengrabs of two IT systems used by the Dutch Municipal Health Service (GGD), namely CoronIT, which contains details of Dutch people who took a COVID-19 test, and HPzone Light, one of the GGD's contact-tracing systems.

“Some accounts are offering to look for information about a specific person,” RTL said. “That costs between €30 and €50 and will get you someone’s name, email address, phone number, and BSN number.” Other accounts offer wider data sets containing thousands of names, or sets selected by specific characteristics, such as individuals living in Amsterdam or over-50s.

According to the broadcaster, the two perpetrators worked in GGD contact centers, where they had access to official Dutch government COVID-19 networks and databases. The identities of the two defendants, who were expected to appear before the court on 26th January, have not been released, in compliance with Dutch law.

"Because people are working from home, they can easily take photos of their screens. This is one of the issues when your administrative staff is working from home," Victor Gevers, Chair of the Dutch Institute for Vulnerability Disclosure, stated in an interview.