‘Professional’ ransomware gang targets 1,800 large organizations worldwide, Dutch investigators find

A confidential report from the Netherlands’ National Cyber Security Center warns that ransomware operators are targeting at least 1,800 large organizations worldwide in industries such as construction, chemical, healthcare, food, entertainment and critical infrastructure (energy, water, utilities).

The report says three ransomware strains are used in attacks worldwide, including many targeting the Netherlands. Those are LockerGoga, MegaCortex and Ryuk, which have gained notoriety over the past year in attacks on large infrastructures with high annual turnover rates.

The NCSC said it has only identified 1,800 victims, but the actual number of targeted organizations could be much higher.

“Dutch branches of multinationals have also been hit, including those of an American chemical company. Moreover, that company is an important supplier of critical infrastructure in the Netherlands. This includes, among other things, drinking water, internet access and energy,” according to Dutch television channel NOS, which obtained a copy of the NCSC report.

“We conducted this investigation following disruptive ransomware attacks abroad,” a spokesperson for the NCSC said, adding that the ransomware campaign likely started in July last year.

Investigators found evidence that “a professional criminal organization” is carrying out most of the attacks, in an organized fashion. One group handles penetration efforts while another deploys the malware, according to an example offered by the government-operated cyber division. The NCSC warns that more government institutions and critical infrastructures are likely in the attackers’ crosshairs, adding that organizations worldwide are not taking basic measures against ransomware infection.

As readers may recall, LockerGoga has been used in several ransomware attacks against critical infrastructure this year, including the Norsk Hydro incident in Norway, the hit on Altran Technologies, and a subsequent attack on two chemical companies in the United States.

Ryuk has been used in attacks on government, education and healthcare institutions and is designed to infect these kinds of infrastructures.

The MegaCortex strain is a cyber Swiss army knife that encrypts files, changes the user’s password and threatens to publish the victim’s files if they fail to pay the ransom.