The KNVB has paid a ransom to the cyber criminals who broke into the football association in April this year with LockBit ransomware. In a press release published on Tuesday the KNVB writes that it has complied with the hackers’ demands to prevent the captured data from being made public. The criminals managed to steal IDs, home addresses and salary details of players of the Dutch national team and other professional football players from the systems. They also obtained medical data. It is not clear how many people in total have been affected.
Although the KNVB says it has made agreements with the thieves “under expert guidance”, it is uncertain that the stolen data will not end up on the street. The football association says it does not want to blindly rely “on the promises of criminals” and therefore urges robbed members to be “extra alert”. To reach all affected people, the KNVB has chosen an advertisement in The Telegraph and the A.D. According to the Central Bureau of Statistics more than two thousand companies were victims of extortion with ransomware in 2021; more than a tenth paid the ransom.
The KNVB does not want to disclose the amount that the KNVB has transferred to the cyber criminals of ransomware group LockBit. “We do not make any statements about such matters,” a spokesperson said by telephone NRC. Reported in April RTL News that’s the requirement more than one million euros amounted to.
Also read: LockBit, the most dangerous ransomware gang, is on call for blackmail 24 hours a day
Dilemma without a pleasant option
“Expert research could not reveal which data had actually been captured or accessed,” the KNVB writes in the press release. “This presented us with a dilemma without an option that felt comfortable to us.” The KNVB believed that the fact that the distribution of the stolen data could have consequences “for the personal privacy of those involved” outweighed “the principle of not allowing ourselves to be extorted”.
At the end of last year, the KNVB had almost 1.2 million members in the Netherlands and more than five hundred employees. According to the association, “a limited number” of members fell victim to the data theft. People who have had contact with the KNVB Sports Medical Center in Zeist “in the broadest sense” must also be extra alert. People can go there for sports medical research, treatment or rehabilitation of a sports injury.