The Gelderland municipality of Buren announced the cause of the ransomware attack in April on Wednesday. The perpetrators used stolen login details from the software supplier to enter the municipality’s system.
The investigation into the attack was completed this week. It turned out that the hackers used stolen credentials from the software vendor to break in and install the ransomware. The account the criminals used did not have two-step verification enabled, reports the municipality† The municipality does not say which software supplier is involved.
At the beginning of April, the municipalities of Buren and Neder-Betuwe were hit by a ransomware attack. Three weeks later, it turned out that 130GB of data from the Municipality of Buren was on the dark web. 1,331 copies of passports and identity cards were stored in the government agency’s system. The municipality has offered the affected citizens to have it replaced free of charge.
Mayor Josan Meijers does not rule out the possibility that more data may emerge on the dark web. The municipality has not negotiated with the perpetrators on the advice of cybersecurity experts and the national government. It is not yet known who is behind the attack.