Cyber Incident Victim: LAKS

On May 11, 2017, the Dutch organization LAKS (Landelijk Aktie Komitee Scholieren) experienced a disruption to its exam complaint website, examenklacht.nl, beginning at approximately 16:00 local time. The site, which allows secondary education students to file grievances about exam content and duration during the annual national examination period (ongoing since May 10), became completely inaccessible. LAKS confirmed the incident was caused by the WannaCry ransomware, the same malware responsible for major attacks on UK hospitals the prior week. The infection originated not on LAKS’s own systems but on servers managed by their external system administrator, indicating a supply-chain compromise. This made LAKS the second confirmed major Dutch victim of WannaCry, following an earlier attack on Q Park’s parking garage systems.

LAKS did not pay the ransom demanded by the attackers to decrypt files. Instead, the organization relied on pre-existing backups of all exam complaints filed during the 2017 examination cycle. By the morning of May 12, these backups had been successfully restored on a separate server, resolving the outage. The attack significantly disrupted complaint collection during a critical period, particularly affecting submissions for the ongoing vwo (pre-university) chemistry exam at the time of the infection. LAKS anticipated a high volume of complaints for this exam but received far fewer due to the 20-hour outage. No data loss occurred due to the backup restoration, and the organization stated it had no intention of engaging with the attackers financially. The incident highlighted the operational risks posed by third-party service providers during time-sensitive processes.