The Dutch Royal Notarial Association (KNB) made a statement (Dutch only) on the 20th of April that a group of 96 notary offices within The Netherlands cannot pass deeds due to a breach at Managed IT. The IT supplier suffered a (data-)breach and has disconnected the access to servers and databases, which resulted in the notary offices being unable to use their services.
The attack impacts approximately 10% of the notary offices. It is still unclear what exactly happened as Managed-IT has not made a statement yet, and their website is still offline three days after the attack. They did hire an incident response team to perform research into the hack.
Managed IT released a statement that they have suffered a ransomware attack that impacted an essential part of the company’s network. According to the company, the attack targeted Managed IT themselves and not their customers. Thus, they claim no customer information has been leaked or stolen. However, they didn’t provide any evidence of this.
It was reported (Dutch only) the hacker group used Bitlocker to encrypt their system completely. It was not possible to use backups because they did not have any offline backups at the time of the incident. Because there “was no realistic alternative,” they eventually paid an unknown ransom to the hacker group to regain access to their system.
Managed IT paid an unknown amount of money to regain access to their network, and Managed IT is now again in complete control of their network. They are now slowly providing the notary offices access to their services again. The expectation is that the notary offices will be fully back online by the end of this week.
How could this have been prevented?
While we do not have any information about the measures taken by the notary offices, there are two items we’d like to point out.
Organizations should make sure to:
- Vet and monitor your suppliers actively to reduce the chance of such breach happening at your suppliers to the absolute minimum.
- Set up redundant core activities. The notary offices outsourced an essential part of their core activities to third parties, but what if those cannot provide their services? We recommend that for such critical activities, another way is possible to perform them, for example, via a different system or through paper.