
The government of the Netherlands doesn’t like the idea of implementing a statutory ban on paying ransom in case of a ransomware attack.
“Falling victim to extortion schemes can have a significant impact. The damage can be enormous and puts the affected company in a difficult position, including with regard to its customers,” David van Weel, Minister of the Department of Justice and Security, says in a letter addressed to the House of Representatives.
The final decision on whether to pay a ransom or not rests with the affected organization. The government’s advice remains not to pay.
“Paying ransom offers no guarantee that criminals will restore systems, delete stolen data, or refrain from making it public or selling it to other criminals. Furthermore, paying ransom perpetuates the business model of cybercriminals,” the Minister continues.
Asked whether a statutory ban on paying ransom could benefit society as a whole, Van Weel is reluctant.
“We do not wish to criminalize organizations that have fallen victim to a ransomware attack. There may be a tension between an individual victim’s interest in minimizing damage in the short term and the broader societal interest in reducing the total number of (potential) victims and not perpetuating the criminals’ business model. As long as this tension cannot be resolved unequivocally, it is, as in most EU countries, strongly advised not to pay the ransom, rather than imposing a legal ban,” he says.
The Minister stated this in response to questions regarding the cyberattack on Odido.
Ransomware extortion group ShinyHunters managed to steal personal information of more than six million people and threatened to publish the data on the dark web.
Odido repeatedly said it wouldn’t negotiate or pay the attackers. Therefore, ShinyHunters decided to publish all the stolen data.
A spokesperson for the Dutch Public Prosecution Service has confirmed that an investigation has been launched into the matter.
The data protection authority (DPA) and the Dutch Authority for Digital Infrastructure (RDI) are investigating how long Odido retained customer information and whether the company properly secured the data.