Ransomware trends Q1 2025

Key insights and how Dutch sectors are affected

In the first quarter of 2025, ransomware attacks once again showed their disruptive force. According to several ransomware monitoring sites, fourteen Dutch organizations were publicly listed as victims on the leak pages of several different ransomware groups. Based on the data from these sites, this is an increase of three companies compared with the same period last year. Please note that these are publicly listed victims, which means the total number of Dutch companies that were hit is almost certainly higher than fourteen.

In March, it looked like no victims would be publicly listed. However, the last week of that month turned out to be a tough one for Dutch organizations, as 4 of them were publicly listed within this one week. The continuing wave of attacks underlines the persistent threat landscape facing both public and private sector organizations.

 

What is Ransomware?

In a nutshell, a ransomware attack is a type of cybercrime where hackers infiltrate a computer system or network, encrypt the victim’s data on that system or the whole network, and demand a ransom payment in exchange for the decryption key and/or to stop the publishing of data that has been exfiltrated. These attacks typically begin with phishing emails or the exploitation of system vulnerabilities. Once inside, the malware spreads, locks files, and displays a ransom note with payment instructions, often in cryptocurrency. Victims include individuals, businesses, and government agencies. Even if the ransom is paid, there's no guarantee that the data will be restored or that it will not be published. Ransomware attacks can cause severe operational disruptions, financial losses, and reputational damage.

 

Most Targeted Sectors

The Technology sector was the most frequently targeted, with 5 of the 14 incidents affecting software vendors, IT service providers, and digital infrastructure companies. These organizations often act as critical enablers for other sectors, making them attractive targets for attackers seeking broader downstream impact.

Transportation & Logistics was also heavily affected, with 3 incidents disrupting supply chains and logistics operations. Attacks in this sector can have significant ripple effects, especially when they impact time-sensitive deliveries or large-scale transport hubs.

Other impacted sectors include Business Services, Manufacturing and Healthcare, confirming that ransomware actors continue to target both critical infrastructure and sectors heavily reliant on operational continuity.

Some of the companies that were hit not only experienced downtime, but also had their data exposed, possibly resulting in financial losses and reputational damage.

 

Ransomware Groups 

The ransomware group Cl0p was the most active in the Netherlands in Q1 2025, responsible for four of the fourteen incidents. Cl0p has built a reputation for swift attacks combined with aggressive extortion tactics, often threatening public data leaks. The Fog group followed with 2 attacks, continuing its steady activity across Europe, primarily targeting mid-sized enterprises with limited defensive maturity.

The remaining incidents were carried out by a variety of other groups, each responsible for a single attack. This fragmentation highlights the growing diversity of actors in the ransomware ecosystem, with both established and emerging groups launching opportunistic or highly targeted campaigns.

 

How to Defend Against Ransomware

Organizations can reduce the likelihood and impact of ransomware incidents through a multi-layered security approach. Key measures include:

•    Multi-Factor Authentication (MFA): Enforce MFA across all remote access points, admin portals, and critical systems.
•    Patch Management: Apply security updates regularly, especially for internet-facing services, VPNs, and known exploited vulnerabilities.
•    Least Privilege Access: Restrict user rights to the minimum required for their role, and monitor privileged account activity.
•    Backup Strategy: Ensure regular, automated backups are made and tested. Store backups offline or use immutable storage to prevent tampering.
•    Creating Awareness: Employees are often the first and last line of defense. Make sure that they can recognize incidents and social engineering attempts, and that they are up to date on the company’s policies and procedures.
•    Incident Response Readiness: Maintain and rehearse a robust incident response plan. Identify roles, responsibilities, and external contacts in advance.

Regular security assessments and employee awareness training can further strengthen an organization's overall resilience.

 

How DataExpert Can Help

At DataExpert, we support organizations in preventing, detecting, and responding to ransomware threats. Our services include:

•    Security Operations Center (SOC) monitoring and threat detection
•    Managed Security Awareness Training to help your staff recognize and respond to phishing attempts and other attack vectors
•    Incident Response support to help contain, investigate, and recover from active attacks

If your organization is looking to strengthen its cybersecurity posture or needs assistance following a ransomware incident, our experts are ready to help.