More companies fall victim to ransomware, new AP figures show

Blog  — Tue 22 Oct 2024

The number of companies falling victim to ransomware has increased, according to figures released today by the Dutch Data Protection Authority (AP).

These figures pertain to last year, 2023, and are now complete. Melissa, a collaboration between the police and security firms, had earlier this year estimated the number of incidents at 147. However, the AP reports a final count of 178.

The difference can be explained by mandatory reporting requirements: as a government body, the AP likely has a better overview of the total number of attacks than industry organizations do. However, it is still reasonable to assume that, unfortunately, not all cases are reported.

Additionally, a study conducted by the AP, with 90 organizations participating voluntarily, revealed that 2 out of 3 organizations did not have their security in order. This may be a contributing factor to successful ransomware attacks. Once so-called 'ransomware' encrypts files containing personal data, it qualifies as a data breach according to the AP's definition.

In half of the investigated successful ransomware attacks, not only were systems held hostage, but personal data was also encrypted. It is assumed that this data may have ended up in the hands of criminals.

Eight of the 90 organizations that participated in the study admitted to paying to get their data decrypted. This is not recommended, as it offers no guarantee that the criminals will actually decrypt the data. Furthermore, it does not ensure that the data has not already been leaked, as it could have been copied. Finally, paying only encourages this form of crime to continue. In some cases, it even leads to the same organization being attacked again.

The most common ways organizations are attacked remain the same:

  • Failing to install security updates in time or at all
  • Little or no segmentation of the internal network
  • Inadequate password management policies
  • No multi-factor authentication

In about one third of the cases, it is unclear how the criminals gained access. In a similar portion, 29%, the method was identified as vulnerable software. The remaining cases involved phishing, brute force, and credential stuffing attacks. Additionally, some cases involved stolen account details, allowing criminals to simply log in.