Dutch research funder operations frozen for a month after hack

Researchers in the Netherlands have been left unable to apply for grants from the country’s main research funder after it was hit by a ransomware attack that has frozen operations for nearly three weeks.

The Netherlands Organisation for Scientific Research (NWO), which cannot pay a ransom to the attackers because it is a public body, was scrambling to restore its systems but said its activities would be on ice until at least 15 March.

Academics cannot apply for grants, and the NWO is unable to review its backlog of applications after it shut down the relevant network as a precaution, meaning that deadlines will probably have to be pushed back.

“We have to completely rebuild our system,” said a spokeswoman for the NWO, which has an annual budget of nearly €1 billion (£860 million). The organisation has said it would “most likely” have its network running again “within a few weeks”.

NWO staff are unable to use the email system and have had to resort to their personal accounts. Half a dozen other organisations have been affected, too. The Dutch Network of Women Professors, a gender equality group that shares offices with the NWO, said its databases and documents were inaccessible, meaning that it had to delay informing applicants of its own grant decisions.

Online events have also been cancelled because the NWO network is down.

Researchers have taken to Twitter to ask when applicants will be accepted again. Marleen Weulen Kranenbarg, an assistant professor in criminology at Vrije Universiteit Amsterdam, said she might have to delay data collection in an NWO-funded research project into cybercrime as a result of the attack.

She said she had been awaiting certain approvals from the NWO when the hackers struck – although she can still start on the first phase of the project, a literature review.

The hack occurred on 8 February when the NWO was infiltrated by the ransomware group DoppelPaymer – whose other recent victims reportedly include the car manufacturer Kia, a university clinic in Düsseldorf and a Nasa contractor – but it was only detected five days later.

Trying to force the NWO to pay up, DoppelPaymer has started leaking documents on to the dark web. Some of these contain “personal information” about staff members, the NWO spokeswoman said, although the organisation was still trying to determine exactly which files had been taken.

Unlike the NWO, Dutch universities are free to pay hackers a ransom to restore system access. After an attack over Christmas 2019, Maastricht University paid cybercriminals the equivalent of €200,000 in bitcoin.

Dr Weulen Kranenbarg’s research focuses on “ethical hacking” and how to keep “hackers on the good side”.

“Paying criminal hackers will do the opposite: it shows that using hacking skills for criminal purposes pays off,” she said. “I am proud that the NWO has the courage to clearly state that it will not pay the hackers.” But hacked organisations without backups, for example, sometimes have no choice but to pay up, she added.

In mid-February, the University of Amsterdam and Amsterdam University of Applied Sciences revealed that they had been “attacked by professional hackers who are looking for financial gain”.

This hack has not yet led to widespread system outages, nor are there any reports of a ransom being paid. But tens of thousands of staff and students have had to change their passwords as a precaution.

david.matthews@timeshighereducation.com