Belgian companies are paying out an estimated €100 million a year to criminal hackers, according to a report by the parliamentary economy committee, obtained by De Tijd.
The committee interviewed a series of experts on the question, who revealed that almost one in three companies has had experience of ransomware – where hackers install a piece of software on the company’s system which shuts it down. The criminals then demand the payment of a ransom to unlock the system.
Many companies do not then go on to report the matter to the police, fearing a loss of face or reputation, according to Olivier Bogaert of the federal police’s Computer Crime Unit. Reporting is also affected by the existence of insurance against ransomware, which means that companies are reimbursed for some of their losses, and are thus less likely to report the matter.
Another expert heard by the committee was Geert Baudewijns, CEO of Secutec, a company that acts as an intermediary between the hackers and their victims.
Secutec, he explained, is involved in cases where payments of some €30 million were made, and that represents a 30% share in the business in Belgium. Secutec only deals with cases where the ransom is less than €75,000. Other companies deal with cases of higher ransom.
“Sometimes the victim has no choice but to pay because otherwise they will no longer have access to their data,” he told MPs.
“Naturally, the customer decides this for themself. The problem usually concerns small and medium-sized businesses. If they don’t pay, there is often major economic damage, which in any case has a cost.”
The money paid is unlikely ever to be seen again. The criminals are mainly working from outside Europe and use a network of tax havens to launder the money they extort from companies. And to make things even easier for them, they often demand a ransom in crypto-currencies like Bitcoin, which is even more difficult if not impossible to trace.
The number of cases rose in 2019 by 29% compared to the previous year, and the trend shows no sign of reversing. Especially since the criminals no longer need to have any particular aptitude with computers.
“The perpetrators don’t even have to be skilled in computer science,” said Antwerp prosecutor Robrecht De Keersmaecker, chief coordinator of the Cybercrime Expertise Network.
“A thriving market has emerged for plug-and-play hardware and software to facilitate internet fraud. As a result, fraud is increasing exponentially,” he said.