“Do not pay cyber criminals,” why do companies do that?


This article was last updated on August 19, 2025


“Do not pay internet criminals,” the police emphasize. “You maintain the earnings model, and you have no guarantee that your data is safe.”

Nevertheless, companies pay so regularly that it is worthwhile for ransomware groups to attack companies systematically. The relatively new ransomware group NOVA, which successfully attacked Clinical Diagnostics and is threatening to publish data from Population Research Netherlands, is just one of many.

If your loved one is abducted, you just want it back.

ICT security specialist Pim Takkenberg

ICT security specialist Pim Takkenberg, who assists hacked companies, understands that companies pay. “Of course you maintain the system. But if your loved one is abducted, you just want your loved one back.”

In this case it is not about people of flesh and blood, but about sensitive data used as a means of pressure. Not paying means that this information is published.

That also carries risks: if data about customers or employees is published, they can fall victim to scams. Takkenberg: “Then you see that companies often still pay.”

Paying again

This morning it emerged that the ransomware group Nova is demanding more ransom from Clinical Diagnostics: at least 1.1 million euros. That is said to be the amount that an external buyer wanted to pay for the stolen data, in the form of 11 bitcoins.

The criminals claim that Clinical Diagnostics violated an agreement with Nova. This probably concerns involving the police in the data breach. However, the police told the NOS that Clinical Diagnostics did not file a report, but that the police are investigating the hack.

Publishing data as a means of pressure is relatively new. Initially, ransomware focused only on paralyzing a company: all files were made inaccessible with a cryptographic key that only the scammers have. Payment is needed to get that key and to be able to open the files again.

But if a company has made good backups of important files, there is little reason to pay: keeping the intruders out of the company network and restoring the files is sufficient.

Now that more and more companies have this in order, attackers have switched to a new model in recent years: first stealing as much sensitive data as possible, and then locking the network. The stolen private data is an effective extra means of pressure: the KNVB football association, for example, paid ransom for that reason.

Promise

The criminals then often keep to the agreements, says Tom Sturme of security company Nerium. “If you pay, they will not throw the data publicly on the internet.”

Often the criminals also make all kinds of other promises, such as a report with information about how the attackers got in and a promise that the victim will not be attacked again in the coming year.

At the same time, they remain criminals, and there is no guarantee that the data will not still end up somewhere. “That happened, for example, at the Conti-Group, which collaborated with the Russian government,” says Sturme.

However, the fact that the NOVA group is now demanding ransom again is exceptional, says Takkenberg. “I have never seen it before. The professional ransomware groups adhere neatly to their agreements.”

Bluff

In the case of Clinical Diagnostics, NOVA suggests that it wants ransom again because the company allegedly had contact with the police. At the same time, a buyer is said to be interested in the stolen data. According to ICT security specialist Sturme, it is quite possible that Nova is bluffing. “If you can now earn 1.1 million euros, why would you first go back to your victim?”

In any case, the police advise always contacting them, although many groups forbid that. “Make a report, because we have also shown that we really can take infrastructure offline and tackle groups,” says Stan Duijf, head of Operations High Tech Crime at the police.

The Dutch Data Protection Authority agrees. Companies must above all protect themselves, the body says in a written statement. “We see that the risk of digital attacks is estimated too low.” And if data is stolen, reporting it to the Dutch Data Protection Authority is mandatory, the watchdog notes. Even when the ransom has been paid.
