Cyber Incident Victim: Veiligheidsregio Noord- en Oost-Gelderland
Date:
Sep 2020
Location:
Netherlands
Summary
A ransomware attack targeted a security region in the Netherlands, compromising internal systems and causing significant operational disruptions, including limited or non-functional capabilities. While critical emergency notification systems used by security services remained unaffected, the incident resulted in widespread damage to the organization's infrastructure. The attack occurred over a weekend, highlighting vulnerabilities in the entity's network defenses and impacting various internal functions essential for daily operations. Response efforts focused on mitigating the immediate effects and restoring affected systems to normal functionality.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A ransomware attack targeted Veiligheidsregio Noord- en Oost-Gelderland (VNOG) during the weekend of September 12-13, 2020, compromising the organization's internal systems. The infection caused significant operational disruption, leaving multiple functionalities either partially operational or completely inoperable. While the full scope of compromised systems was not detailed in public reports, the attack inflicted confirmed damage to VNOG's core infrastructure. Emergency response coordination capabilities were impacted, though critical communication channels remained unaffected. No explicit details regarding the ransomware variant, initial attack vector, or data exfiltration claims were disclosed by the security region or corroborated in available reporting.
The incident notably spared VNOG's notification systems, including P2000 and C2000, which remained fully functional throughout the attack. These systems, essential for real-time communication between police, fire departments, and medical services, ensured continuity of emergency response operations despite the broader IT disruption. The security region did not publicly confirm whether ransom demands were issued or whether data restoration relied on backups versus decryption. Operational limitations persisted in affected internal systems post-attack, though the organization did not specify remediation timelines or containment measures undertaken. Public statements emphasized the isolated nature of the communication system resilience while acknowledging ongoing recovery efforts across damaged infrastructure.