The Melissa Project released the Ransomware Annual Report 2023, the focus of which were Dutch businesses and organisations with over 100 employees. Ransomware is malicious software that infiltrates computers, encrypts files, and demands a ransom for file decryption. Some notable findings from the Digital Trust Center (DTC) include:
- Around 30% of ransomware incidents involved attackers gaining access through exploiting security flaws and vulnerabilities.
- In 28% of cases, entry was through unauthorised logins. For example, successful phishing attacks where login details were stolen or passwords were cracked.
- The government advises against paying ransoms. A majority of victims heeded this advice, with only 18% paying the ransom, which is below the global average of 46%.
- 58% of the victims did not have a backup.
- Victims are found across all sectors, but predominantly in industry and commerce, accounting for over 33% of incidents.
Read here the full annual report on the National Cyber Security Centre’s website (available in Dutch).
Five basic principles
The study concludes that many small businesses still don’t employ sufficient cybersecurity measures. The DTC highlights that performing prompt updates and ensuring strong passwords with multi-factor authentication (MFA) are simple yet effective measures. Additional tips to reduce cyber risks for entrepreneurs are outlined in the five basic principles of safe digital business (in Dutch).
Melissa Project
The Ransomware Annual Report 2023 was published by the Melissa Project, a collaborative effort involving the Netherlands Public Prosecution Service, the police, the National Cyber Security Centre (NCSC), and cybersecurity firms affiliated with Cyberveilig Nederland. The incident data in the annual report is based on information from the NCSC, the police, and eight security companies.