Moldovan law enforcement arrested a suspected attacker linked to the DoppelPaymer ransomware group, which targeted the Netherlands Organization for Scientific Research (NWO) in 2021. The intrusion likely involved data encryption, operational disruption, and potential exfiltration of sensitive research or administrative data, given the ransomware’s modus operandi. Authorities confiscated $93,000, banking cards, cryptocurrency wallets, laptops, and storage devices, suggesting financial motives and possible theft of intellectual property or confidential information. The attack’s scale—coupled with the extradition of the suspect—implies severe consequences, including financial losses, reputational damage, and potential long-term research setbacks. Ransomware attacks on academic institutions often target high-value data (e.g., patents, grant details, or proprietary research), which, if leaked or locked, could threaten the organization’s core functions, partnerships, or funding. The involvement of international law enforcement underscores the attack’s gravity and cross-border impact.
Source: https://www.scworld.com/brief/suspected-doppelpaymer-attacker-against-dutch-orgs-arrested
TPRM report: https://www.rankiteo.com/company/nwo
{
  "id": "nwo3155631113025",
  "linkid": "nwo",
  "type": "Ransomware",
  "date": "6/2021",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'scientific research',
                        'location': 'Netherlands',
                        'name': 'Netherlands Organization for Scientific '
                                'Research (NWO)',
                        'type': 'government/research institution'}],
 'date_publicly_disclosed': '2023-10-04',
 'description': 'Moldovan law enforcement apprehended a suspected DoppelPaymer '
                'ransomware attacker involved in intrusions against Dutch '
                'organizations, including the Netherlands Organization for '
                'Scientific Research (NWO), in 2021. Authorities confiscated '
                '$93,000, banking cards, an electronic wallet, a mobile phone, '
                "laptops, and data storage devices. The suspect, a 'foreign "
                "citizen,' will be extradited to the Netherlands. This follows "
                'broader European crackdowns on cybercrime, including '
                'sentencing in Ireland for malicious payload distribution and '
                'arrests in Poland for DDoS-for-hire services.',
 'initial_access_broker': {'high_value_targets': ['Dutch organizations',
                                                  'Netherlands Organization '
                                                  'for Scientific Research']},
 'investigation_status': 'ongoing (extradition pending)',
 'motivation': ['financial gain', 'cyber extortion'],
 'ransomware': {'data_encryption': True, 'ransomware_strain': 'DoppelPaymer'},
 'references': [{'date_accessed': '2023-10-04', 'source': 'The Record'}],
 'regulatory_compliance': {'legal_actions': ['extradition to Netherlands',
                                             'criminal charges pending']},
 'response': {'law_enforcement_notified': True},
 'threat_actor': {'individual': {'affiliation': 'DoppelPaymer ransomware group',
                                 'nationality': 'foreign citizen (extradited '
                                                'to Netherlands)',
                                 'status': 'apprehended'}},
 'title': 'DoppelPaymer Ransomware Attacker Apprehended in Moldova for '
          'Intrusions Against Dutch Organizations (2021)',
 'type': ['ransomware', 'cybercrime apprehension']}