On Friday, January 24, Tom Meurs defended his dissertation at the University of Twente. In collaboration with the Dutch Police, he investigated the prevalence of ransomware in the Netherlands, the impact of ransom payments, and the effectiveness of law enforcement interventions. Meurs’ findings clearly show how often Dutch companies have been victimised recently and how businesses and law enforcement can respond to this threat.
Key findings from the research:
Large companies are at the highest risk:
Companies with more than 250 employees face a 1.3% annual risk of being directly targeted, and they pay the highest ransom amounts. Smaller companies (<50 employees) report fewer incidents, partly due to low reporting rates.
Backups, insurance, and data exfiltration influence ransom payments:
Organizations with recoverable backups are 27 times less likely to pay a ransom. However, when victims do pay, insurance increases the average ransom amount by a factor of 2.8. In cases of double extortion (where data is also stolen), this rises to 5.5 times. Strategically designing backup systems resilient to attackers within the network can prevent significant harm.
Law enforcement interventions are effective but not a silver bullet:
Interventions such as arrests, sanctions, takedowns of leak pages, decryptors, or freezing assets result in nearly half of ransomware groups ceasing their activities. However, no single approach stands out as significantly more effective than others. A strategy combining diverse interventions with rapid actions proves to be the most impactful.
About the researcher
Tom Meurs conducted his research in collaboration with the Dutch Police and the University of Twente. He combined data from more than 500 ransomware incidents from 2019–2023 with in-depth criminological and economic analyses. His research provides organizations and law enforcement with insights and tools to combat ransomware.
The defence of the thesis on ransomware is on 24 January at 2.30 pm.