Wetsus held hostage for 8 days by hacker: “like being in a bad film”

Translated by Thomas Ansell

As reported by the Leeuwarder Courant, the water research institute in Leeuwarden, Wetsus, was held hostage by a computer hacker for 8 days. Whilst the organisation has paid its ransom, it has not yet been given all of the ‘keys’ to its systems back.

General Director Johannes Boonstra said that it was a series of ‘horrible’ days: “like being in a bad film”. Since last Monday, Boonstra and an expert team have, night and day, been in a battle with the supposed hacker, who had taken control of Wetsus’ networks.

From yesterday afternoon, and following arduous negotiations and more payments, the 150 staff, 60 researchers, and 50 students were able to get into their network again.

“Apparently, in normal cirumstances you pay the hacker a ranson, and once you have paid you get all of the digital tools to get your files back”, said Boonstra, “you learn quickly!” However, Wetsus’ hacker did not adhere to normality: “last Monday morning, the central computer displayed a classic pirate’s flag- and then underneath, English text saying ‘if you want your files back, e-mail me’. We immediately reported the issue to the police, and made contact with all the relevant organisations such as the National Cyber Security Centre, and Fox-IT. We also got a lot of fantastic help from the University of Maastricht, who were also hacked recently”, said Boonstra.

The organisation paid up a ransom on Tuesday of last week; “and we were waiting for the tools, so that we could get to our programmes and files”, said Boonstra. After waiting for a few hours, an e-mail arrived with the first ‘key’: a small amount of code. After that, Wetsus found that it couldn’t unlock all 15 of its servers, and some were left locked.

“We have exchanged somewhere between 50 and 70 emails, and sometimes the hacker would let 12 hours go by without replying”, said Boonstra. On Friday, the hacker messaged to say that they wanted more money; “not much, but still”. That made the Wetsus team quite angry, as it went against the alleged hacker’s code of honour.

So, Boonstra and his team came up with a final offer- send us the codes, we will pay, then send us a final code and we are done. “If not, then we will use our back-ups. We lose, but then so do you”, explained Boonstra.

Boonstra hopes that other organisations and businesses can learn from Wetsus’ ordeal. “Even if you are, today, 100 per cent protected, you can still be open to attacks tomorrow morning.”

Image via Wetsus