Hackers are demanding 750,000 euros from the municipality of Hof van Twente via “ransomware” to release encrypted files, de Volkskrant reported on Monday morning on the basis of contact with the hackers. Last week, cyber criminals invaded Hof van Twente’s ICT systems and encrypted large amounts of data: privacy-sensitive information about benefits, emails, permit applications and financial administration. The municipal organization is in disrepair.
Mayor Ellen Nauta of the municipality of Twente faces a devilish dilemma: is she going to pay the ransom? The alternative: build a completely new digital system, based on new data. Such an operation would certainly take months, causing a lot of inconvenience and uncertainty for the residents. The mayor himself does not want to say anything about the issue. What is Wisdom?
“The answer is always: don’t pay,” says Stefan van der Wal of cybersecurity company Barracuda. “When you pay, it becomes more and more attractive for hackers to penetrate somewhere and demand money. But it is not that simple in this case. I can well imagine that they will pay, because it will pose a problem for citizens when they do not. It is a pure business consideration: to what extent can my organization function without that data? ”
“In general, you see that cyber criminals release the data when payment is made. Many cyber criminals use some kind of code: if they get the money, they cooperate. Otherwise, organizations will be much less likely to pay for subsequent cyber attacks if they think they will not get the files back. ”
“Worldwide, we see that the number of attacks on local governments is increasing. Especially in the US, we see that there have been a lot of successful attacks on local governments in recent years. We do not have specific figures for the Netherlands, but something like that often blows over. Cyber criminals see that things work well in one country, and then check whether this is also the case in other countries. ”
“It pays well. Cyber criminals always opt for an investment that is most likely to generate money. In the US, it has been shown that this is more likely with local governments, which manage enormous amounts of sensitive data. While some cyber criminals are still somewhat reluctant to attack a hospital, because that can cost lives, they are much less so at municipalities. ”
“That is not an unambiguous picture. There are municipalities that are doing very well, and municipalities that are lagging behind. I don’t know what the situation was like in Hof van Twente. ”
“We use four steps: prevention, detection, response and recovery. Step one: how do I prevent an attack? Prevention is only possible to a certain extent, there can always be someone who clicks on the wrong link, or a hacker who bypasses all security. Then the response becomes important: what steps do I take when there is an attack? You have to determine that in advance. Then the recovery follows, for example restoring files by means of a backup. You must then have already considered during the preventive phase what to do if the backup is also encrypted, as is currently the case in Hof van Twente. Do I still have an alternative?
Ask yourself these questions, and think in advance: what’s the worst that could happen? Then you come a long way. ”
Also read:
Vulnerable residents are given priority after a cyber attack at the municipality of Hof van Twente
The municipality of Hof van Twente is dead after a cyber attack. The most vulnerable residents will be helped in the meantime, assures the mayor.