Hundreds of companies in the Netherlands may also be affected by ransomware attacks

NOS Helen Kret

NOS NewsChanged

Hundreds of companies in the Netherlands may also become victims of the major international cyber attack that paralyzed computers worldwide last night. In any case, it concerns customers of the ICT company VelzArt in Waardenburg.

VelzArt has hundreds of customers. These companies have been warned that their computers could be infected, especially if they had their systems on between 18 and 20 yesterday. They are advised not to turn on their systems at this time. According to one employee, the impact is enormous. “We are busy and are called flat.”

The attackers managed to spread the ransomware through Kaseya software. ICT companies use this software to remotely manage customers’ computer systems.

chip shop

Systems have also been infected at Udenhout’s technical service provider Hoppenbrouwers. Action was taken quickly, but the impact remains large. “Yes, not in time enough. But in time, so that we could turn the ship in the right direction,” says director Henny de Haas. Computers have been infected, about 10 percent of the more than 1,500 computers used by the company. “It happened in a very smooth way. It happened via an update of software known worldwide.”

The attack has a significant impact on the company. Dozens of employees had to rush to all eighteen branches to check all computers. “It’s almost no fun doing business like this anymore,” says De Haas. The operation also ensured the necessary cohesion. “When our employees returned after a long day, we also brought a chip shop. Some had brought their children. It wasn’t quite a family party yet.”

Hoppenbrouwers had backups, but they were already a few hours old. “We lost a bit of time. We have a smart backup system. So we could retrieve things from just before the attack. But it may well be that an order has been placed that is on the customer’s computer but no longer in our system. That are small things, but very annoying.”

At least three other service providers in the Netherlands are known to work with the same software. It is unknown if two of them were damaged by the cyber attack. The third, Xantion, claims to have found no trace of the hostage virus so far.

They said turn off your server now, the Kaseya servers have been hacked.

Peter Oelen, director Xantion

Director Peter Oelen of Xantion was called home last night from a distributor of the Kaseya software. “They said: turn off your server now, because the Kaseya servers have been hacked. Two minutes later it was also turned off,” says Oelen. “Then we went to see if our server was infected.”

So far, Xantion’s computers do not appear to have been affected by the attack. “But we don’t know for sure yet, so the server remains switched off”, says Oelen. “And we don’t know when we can use Kaseya again, so what it will cost us is still uncertain.”

According to the director, the mega-attack represents a new level of cybercrime. Because usually, in a ransomware attack, only one company is attacked at a time. Now the attackers managed to reach many more victims via the servers of service companies. “Whereas normally you’re talking about a bullet to a company, you’re talking about a nuclear bomb that could potentially destroy thousands of companies in one fell swoop.”

It is therefore no longer about bad boys in an attic, says Oelen, but about the digital mafia. “This is a digital hacker multinational.”

Invisible

The Russian-linked REvil group appears to be behind the attack, which the FBI also blames for the attack on Brazilian meat processor JBS two months ago.

The new attack via Kaseya’s servers is similar to the one in 2017 with the NotPetya malware, says Mark Loman of the security company Sophos. The cyber attack proceeded in a similar way and cost, among other things, the Danish transport company Mærsk around 200 million euros.

According to Loman, many more companies were probably affected by this attack than is currently known. At his company, many customers had to deal with it. “We have a limited view of it. If you look at the companies where we have protected, and if we extrapolate that, I think tens of thousands of companies have been attacked.”

Exactly how much may never be clear, Loman suspects. “A lot remains invisible because many companies don’t show up.”

Leave a Comment