Cyberattack on Dutch Research Council (NWO) suspends research grants

Servers belonging to the Dutch Research Council (NWO) have been compromised, forcing the organization to make its network unavailable and suspend subsidy allocation for the foreseeable future.

The NWO is tasked with investing in research and research infrastructure to increase quality and innovation in science. For this purpose, it is a significant entity in the Netherlands that makes annual investments of close to one billion euros. It funds thousands of researchers at universities and institutes in the country, driving quality and innovation in science.

Grants on pause

In a press release on Sunday that conveys a minimum of details about the attack, the organization says that its servers have been hacked and that its network is not accessible.

There is no timeframe for restoring the systems but the organization channels its efforts to solve the issues as fast as possible.

Details about the type of the attack or the malware that the hackers used remain unavailable at the moment.

With the network down, NWO applications remain unavailable. This includes the organization’s email service (Outlook) and the online resources from the two entities under NWO, the Netherlands Initiative for Education Research (NRO) and the National Governing Body for Practice-oriented Research SIA.

NWO says that its website was not impacted by the attack. The external server hosting the ISAAC application and reporting system used by applicants to submit their proposals also appears to have not been infected.

However, the ISAAC server has been shut down until the incident assessment removes all suspicion of the possibility of malware infection. As a result, the processes of SIA and NRO remain suspended indefinitely.

NWO says that rounds with deadlines coming up soon have been postponed and the evaluation of grant proposals with a passed deadline has been stopped.

The organization also informs that it will provide no more details about the attack and how it occurred while the investigation and system restoration work are underway.

The NWO is the second public body tasked with investing in science and research that has been hit by a cyberattack in less than a month.

In late January, the UK Research and Innovation (UKRI) agency announced that it had suffered a ransomware attack that encrypted data and affected two of its services. Just like NWO, UKRI also handled large funds.