Cyberattack on Dutch Research Council (NWO) suspends research grants

[mood]

Cyberattack on Dutch Research Council (NWO) suspends research grants

 

 

Servers belonging to the Dutch Research Council (NWO) have been compromised, forcing the organization to make its network unavailable and suspend subsidy allocation for the foreseeable future.

 

The NWO is tasked with investing in research and research infrastructure to increase quality and innovation in science. For this purpose, it is a significant entity in the Netherlands that makes annual investments of close to one billion euros. It funds thousands of researchers at universities and institutes in the country, driving quality and innovation in science.

Grants on pause

In a press release on Sunday that conveys a minimum of details about the attack, the organization says that its servers have been hacked and that its network is not accessible.

 

There is no timeframe for restoring the systems but the organization channels its efforts to solve the issues as fast as possible.

 

Details about the type of the attack or the malware that the hackers used remain unavailable at the moment.

 

With the network down, NWO applications remain unavailable. This includes the organization’s email service (Outlook) and the online resources from the two entities under NWO, the Netherlands Initiative for Education Research (NRO) and the National Governing Body for Practice-oriented Research SIA.

 

NWO says that its website was not impacted by the attack. The external server hosting the ISAAC application and reporting system used by applicants to submit their proposals also appears to have not been infected.

However, the ISAAC server has been shut down until the incident assessment removes all suspicion of the possibility of malware infection. As a result, the processes of SIA and NRO remain suspended indefinitely.

 

NWO says that rounds with deadlines coming up soon have been postponed and the evaluation of grant proposals with a passed deadline has been stopped.

 

The organization also informs that it will provide no more details about the attack and how it occurred while the investigation and system restoration work are underway.

 

The NWO is the second public body tasked with investing in science and research that has been hit by a cyberattack in less than a month.

 

In late January, the UK Research and Innovation (UKRI) agency announced that it had suffered a ransomware attack that encrypted data and affected two of its services. Just like NWO, UKRI also handled large funds.

 

 

Source: Cyberattack on Dutch Research Council (NWO) suspends research grants

[mood]

Dutch Research Council (NWO) confirms ransomware attack, data leak

 

 

The recent cyberattack that forced the Dutch Research Council (NWO) to take its servers offline and suspend grant allocation processes was caused by the DoppelPaymer ransomware gang.

 

The hackers gained access to NWO’s network on February 8 and stole internal documents, threatening with leaking them unless the organization paid a ransom.

No dime for DoppelPaymer

Since NWO does not cooperate with cybercriminals, DoppelPaymer published proof of the stolen internal data on their leak site. This tactic is typical to ransomware gangs and the purpose is to pressure victims into paying the ransom.

 

NWO is the main body that funds researchers at universities and institutes in the Netherlands, making annual investments of up to one billion euros.

 

The organization announced on February 14 that its network had been hacked, without providing details regarding the incident, only about the impact it has on its activity.

 

On Wednesday, the DoppelPaymer ransomware gang leaked a dozen files stolen from NWO’s servers to show that they have a larger cache and are still open to negotiations.

 

 

[Although the ransomware gang call themselves Dopple, the media refers to this actor as Doppel because of the extension "doppeled" they append to the encrypted files on a victim's system]

 

In an update on the incident yesterday, the organization says that the hackers have internal NWO documents from the past years that include details about its employees. This does not change its decision not to pay the hackers.

Network restoration

NWO is currently working on restoring the network, which indicates that systems have been encrypted, typical to most ransomware actors. Operations are expected to resume in a few weeks.

 

A FAQ from the organization informs that the cyberattack impacted network disks with data processed by NWO, the NWO-I office, the National Governing Body for Practice-oriented Research SIA, and the Netherlands Initiative for Education Research (NRO).

 

Other organizations using the same network servers are the NRO Steering Body, SIA Steering Body, TKI-HTSM, TKI Chemie, European Polar Board, and the LNVH were affected.

 

The UK Research and Innovation (UKRI) agency, which has the same mission as NWO, has also been hit by a ransomware attack in January that encrypted data and affected some of its services.

 

While NWO still has some work to do to restore services and operations, UKRI announced that it restored services provided by its UK Research Office (UKRO) based in Brussels. Users will have to reset their passwords at login.

 

 

Source: Dutch Research Council (NWO) confirms ransomware attack, data leak