Moldovan law enforcement arrested a suspected attacker linked to the DoppelPaymer ransomware group, which targeted the Netherlands Organization for Scientific Research (NWO) in 2021. The intrusion likely involved data encryption, operational disruption, and potential exfiltration of sensitive research or administrative data, given the ransomware’s modus operandi. Authorities confiscated $93,000, banking cards, cryptocurrency wallets, laptops, and storage devices, suggesting financial motives and possible theft of intellectual property or confidential information. The attack’s scale—coupled with the extradition of the suspect—implies severe consequences, including financial losses, reputational damage, and potential long-term research setbacks. Ransomware attacks on academic institutions often target high-value data (e.g., patents, grant details, or proprietary research), which, if leaked or locked, could threaten the organization’s core functions, partnerships, or funding. The involvement of international law enforcement underscores the attack’s gravity and cross-border impact.

The Dutch Scientific Research Organization (NWO) experienced a ransomware attack in February 2021 by the DoppelPaymer group. The attack caused material damage of €4.5 million, completely knocking out the agency's grant application and review process. It cut off communication with applicants, grantees, and universities, disabling email, apps, and phones. The organization was forced to cancel meetings and could not receive or pay bills until at least March 15. The attack was publicly disclosed on February 14, and sensitive files were released online when the ransom was not paid.