"People who fall for phishing scams are sometimes scared to admit it"

Improved collaboration is the best way of fighting ransomware


When hit by a ransomware attack, fear of reputational damage often leads an organisation to wait too long before calling in an incident response company or reporting the matter to the police. That's one of the key messages of Gina Doekhie's upcoming presentation at SIDN Inspire on 16 May.

Gina Doekhie, cybercrime specialist

"Following a ransomware attack, an organisation will often wait a week before asking the police or an incident response company for help," says the Dutch National Police Force's cybercrime specialist Gina Doekhie. "In that time, a lot can go wrong." For example, the crooks can cover their digital tracks. "Digital tracking requires a truly forensic mindset. An ICT manager might think, 'I've secured the log files relating to the attack. So that's taken care of, and now I can restore our data from the backup.' It might sound reasonable enough, but by doing that you're preventing an information security investigator or the police from doing their job properly. Not all tracks are recorded in the log files."

Fear of reputational damage

An incident response company can check whether the criminals responsible for a ransomware attack are still on the network. Such specialists can also investigate the possibility of reinstating encrypted files without paying a ransom.

But why should a targeted organisation go to the police as well as an incident response company? "Many organisations don't want the police involved, because they're worried about reputational damage," Gina explains. "They're scared that, if the attackers get arrested and prosecuted, there'll be a lot of publicity." Inaction can also be motivated by a belief that the police won't do anything anyway. However, Gina says that's a fallacy.

Recovering extorted money

One reason is that the police have the power to trace criminals' cash flows and recover money extorted from victims. That happened after the University of Maastricht was hit by a cyber-attack in December 2019, for example. "In 2020, the police and the public prosecutor seized a cryptocurrency account belonging to one of the criminals behind the attack. The account contained a fifth of the ransom in bitcoin. However, by the time custody of the bitcoin was secured 2 years later, the value had increased from 40,000 euros to 500,000!" That entire sum was returned to the University of Maastricht, which deposited it in a support fund for students in need.

It can therefore be in an organisation's own direct interest to report an incident to the police, as well as being in the public interest, Gina argues. "The more victims report attacks, the more evidence we have to go on. That increases the chance of cybercriminals being caught, and decreases the risk of other people falling victim. Another important consideration is that, by sharing their story, a victim can help others steer clear of scams."

Gina Doekhie

Gina has been a member of the Dutch National Police Cybercrime Team since 2019. Her work involves investigating complex cybercrime cases, such as ransomware-based extortion. Before joining the police, Gina spent 7 years as a digital forensic investigator at Fox-IT, tracking cybercriminals and working on digital fraud cases. While in that role, she became the first cybersecurity researcher in the Netherlands to be recognised as a judicial expert advisor: someone qualified to advise a court of law about the strength of the digital evidence in a case. Gina has a double master's degree from the University of Amsterdam in Artificial Intelligence and Forensic Science.

Removing the sense of shame

Gina would like to see more information sharing, not only amongst organisations, but also within organisations. "People who have fallen for phishing scams are sometimes scared to admit it. But it can happen to anyone." And, sadly, Gina sees it happening to more people in the future, as cybercriminals make greater use of artificial intelligence. "AI enables scammers to perpetrate more sophisticated CEO frauds and ransomware attacks. For example, they can make phone calls using a deepfaked manager's voice to persuade someone working in a finance department to urgently make a large payment to a previously unknown creditor just before the weekend."

As the threat from phishing grows, it's all the more important that people understand that they don't have to be ashamed. "The more effectively that message is communicated, the more chance there is that a phishing incident will be reported promptly within the organisation. And that can make the difference between a ransomware attack succeeding and failing. If, for example, an employee has been tricked into sharing their login details or downloading some malware, then initially only one user account is affected. The hacker still has work to do figuring out how to infiltrate the rest of the network. So an early response can lead to the intruder being detected before they have time to get any further. Access ports can be closed, maybe in the nick of time to prevent the entire business network being compromised."

Melissa

Closer collaboration between the police and incident response companies would also help in the fight against ransomware attacks, Gina believes. "Fortunately, we're seeing more cooperation. For example, the international police investigation into the LockBit ransomware gang got going after a tip-off from a private actor affiliated to Melissa." Melissa is a cooperative alliance dedicated to improving ransomware attack response, whose members include the Dutch Public Prosecutor's Office (OM), the police, the National Cyber Security Centre (NCSC), Cybersecure Netherlands and various private-sector organisations active in the field of cybersecurity.

"So, indirectly, it was cooperation through Melissa that led to Europol, the Dutch National Police and police forces in 10 other European countries taking down 34 LockBit servers on 20 February 2024."

Emergency response plan

Does Gina have any other advice for organisations about preserving attackers' tracks in the immediate aftermath of a ransomware attack? That depends on the organisation's ICT infrastructure, she says. "It's therefore important to have an emergency response plan in place. The plan should describe what everyone should do to secure the evidence if an incident occurs. If a server is infected, should someone disconnect it or not?"

"That sort of question needs to be thought through in advance, and clear choices made. Because, in a real emergency, people are liable to panic." Of course, all the ICT managers referred to in the plan need to be aware of it. And, ideally, there should be drills from time to time, so that everyone understands what they should do.

Prevent reputational damage with SIDN BrandGuard

SIDN BrandGuard is an online monitoring service featuring a personalised dashboard, which notifies you about the registration of domain names similar to your brand name. The early warnings give you the opportunity to respond quickly and prevent your brand being used for phishing, e-mail fraud, CEO fraud or identity fraud, saving yourself both reputational damage and high costs. SIDN BrandGuard also helps you manage your brand online by providing an overview of all the domain names in your organisation's portfolio and all the partners who are using your name or logo.

Preparation

An organisation that obtains preventive advice from an incident response company before a problem occurs is better placed to act quickly if it then suffers a ransomware attack, Gina reckons. "Cybersecurity experts have then had an opportunity to map the network infrastructure and draw up a list of key contacts."

"An incident response company can also perform preventive penetration tests to identify weaknesses in the organisation's security arrangements." Because cybercriminals often exploit known weaknesses, good patch management and a good backup system are vital for preventing or negating ransomware attacks.

"If an organisation has the ability to restore its files from a backup, a hacker has much less leverage." It's preferable not to keep backups on the organisation's own network, but offline or in the cloud. Network segmentation is very helpful too, since it reduces the risk that cybercriminals can hold all the files on the network to ransom.

Crown jewels

Gina also advocates mapping the locations of the organisation's 'crown jewels'. "What systems are involved? What software is running on them?" With a clear picture of what's where, extra security measures such as access control featuring 2- or 3-factor authentication can be selectively implemented.

Another precaution recommended by Gina is reviewing the organisation's service level agreements (SLAs) with suppliers. "If, for example, you use a software package or an operating system supplied by a cloud service provider, make sure that your contract includes assurances about incident response times. How quickly will files be restored from backups, for instance?"

The small print of contracts with incident response companies is worth studying too. "How quickly will you get support in the event of an incident? In the face of a ransomware attack, every hour counts."

Want to see Gina's presentation and learn more about working together to stay ahead of the cyber-crooks? Register for SIDN Inspire on 16 May 2024 at https://events.sidn.nl/sidn-inspire-2024.