On Friday, ransomware group Nova claimed KPMG Netherlands as its victim. The claim appeared on a so-called leak site, with specific reference to the Dutch branch of the service provider. Little is known about the nature and extent of the alleged attack.
Although KPMG operates worldwide, the Nova hacker group claims to have compromised only the Dutch branch. Such claims are usually used to put pressure on organizations that may already be aware of the attack. It is still unclear what specific data the criminals claim to have. More importantly, we do not know whether the claim is true. Nevertheless, Nova has announced that the data will be published online in 10 days if KPMG does not pay.
There has been no official confirmation or response from KPMG as yet. We have asked the company to respond to Nova’s claim. It is also unknown when the attack took place or what the exact impact is, only that it was discovered on Friday by the tracker ransomware.live.
Nova is the Clinical Diagnostics plague
The Nova hacker group has already built up a notorious reputation. Inside the Netherlands, the ransomware attack on the Clinical Diagnostics laboratory is by far Nova’s most famous action. That incident ultimately affected more than 850,000 people, mainly women from the cervical cancer screening program.
This was followed in September by an attack on FysioRoadmap, in which data from more than 20,000 patients was stolen. Nova’s modus operandi is notorious among cybercriminals, namely double extortion. This involves both encrypting systems and threatening to publish stolen data online or sell it to other criminals. This tactic has proven effective on multiple occasions. Clinical Diagnostics paid millions in ransom, although some of the data still appeared online. This is relatively common, as the actual data proves that the hackers can indeed follow through on their threat to publish it.
Waiting for details
The claim on a leak site often implies that data has been stolen and encrypted. But this is not yet certain. KPMG has not commented on the legitimacy of the claim or the status of their systems. Therefore, we cannot speculate further about the claim and the potential affected systems.
As many have asserted when similar incidents have occurred, the challenge often lies in timely communication and transparency. For now, we are waiting for a response from KPMG. The coming days will reveal whether Nova’s claim is valid and what data may have been stolen. If we assume that the claim is correct and KPMG does not pay the ransom, the data would appear online in 10 days.