A
confidential report from the Netherlands’ National Cyber Security Center
warns that ransomware operators are targeting at least 1,800 large
organizations worldwide in industries such as construction, chemical, healthcare,
food, entertainment and critical infrastructure (energy, water, utilities).
The report
says three ransomware strains are used in attacks worldwide, including many
targeting the Netherlands. Those are LockerGoga, MegaCortex and Ryuk, which have
gained notoriety over the past year in attacks on large infrastructures with
high annual turnover rates.
The NCSC said
it has only identified 1,800 victims, but the actual number of targeted
organizations could be much higher.
“Dutch
branches of multinationals have also been hit, including those of an American
chemical company. Moreover, that company is an important supplier of critical
infrastructure in the Netherlands. This includes, among other things, drinking
water, internet access and energy,” according to Dutch television channel NOS, which obtained
a copy of the NCSC report.
“We
conducted this investigation following disruptive ransomware attacks
abroad,” a spokesperson for the NCSC said, adding that the ransomware
campaign likely started in July last year.
Investigators
found evidence that “a professional criminal organization” is carrying out most
of the attacks, in an organized fashion. One group handles penetration efforts
while another deploys the malware, according to an example offered by the
government-operated cyber division. The NCSC warns that more government
institutions and critical infrastructures are likely in the attackers’
crosshairs, adding that organizations worldwide are not taking basic measures against ransomware infection.
As readers recall,
LockerGoga has been used in several
ransomware attacks against critical infrastructures this year, including the Norsk Hydro incident in Norway, the hit on Altran Technologies, and a subsequent attack on two chemicals companies in the United
States.
Ryuk has been used in attacks on government, education and healthcare
institutions and is designed
to infect these kinds of infrastructures.
The MegaCortex strain is a cyber Swiss army knife that encrypts files, changes the
user’s password and threatens to publish the victim’s files if they fail to pay
the ransom.