NFIR and Project Melissa: A Joint Fight Against Cybercrime


In an era when ransomware attacks make daily headlines, one project is at the forefront of defense: Project Melissa.

What exactly is Ransomware?

Ransomware is malicious software that cybercriminals use to encrypt data. This often has disastrous consequences. For example, businesses, hospitals and various other organizations face vital systems that fail completely. This is not just an IT problem; it is a direct threat to all of us.

NFIR and Project Melissa: A Joint Fight Against Cybercrime
'Arwi van der Sluijs signs with Project Melissa at the ONE conference in The Hague.'

The origins of Project Melissa

Project Melissa was launched in 2022 because of the growing threat of ransomware attacks. Project Melissa, initiated by Cyberveilig Nederland, NFIR and Northwave, brings together public and private parties to effectively combat this cyber threat and make the Netherlands less attractive to ransomware criminals. The cooperation includes information sharing, tracking and prosecuting criminals and improving the digital resilience of the Netherlands.

Incredible success

The collaboration proved to be an incredible success. For example, the unmasking and elimination of the large cybercriminal network Qakbot is a direct result of this cooperation. Qakbot consisted of more than 700,000 computers worldwide. With the network thus created, they could steal or encrypt data from companies or large organizations with ransomware, only to release it again for a fee. In this way, Qakbot has caused hundreds of millions of euros worth of damage to companies and government agencies since 2008.

In addition to Qakbot, Project Melissa has led to the downfall of more malicious groups such as Deadbolt and Genesis Market. Results have also been achieved in the tactical area, such as creating and sharing statistics on ransomware attacks, published white papers Exfiltration v3.0, Ransomware and best practices, for example.

Would you like more information about NFIR & project Melissa? Please contact us.

Expanding further

But we are not there yet. An exciting new phase begins. Indeed, we are only at the beginning of this powerful collaboration and can only grow stronger. Together we share a visionary goal: the creation of a digitally secure Netherlands, keeping each other’s interests in mind. With determination, all stakeholders are working to develop innovative products, share knowledge, establish joint operations and publish valuable insights on ransomware and cybercrime. NFIR’s contribution NFIR employees have been involved in ‘task forces’ in such areas as negotiating with hackers, ‘initial access’ and Qakbot research led by the THTC (Team High Tech Crime, Police). They also attended monthly meetings to share knowledge and expertise.

Who else is making Project Melissa possible?

The public participants are the Public Prosecutor’s Office (OM), the police and the National Cyber Security Center (NCSC). Cyberveilig Nederland, NFIR and Northwave, together with the OM, THTC and NCSC were the initiators, after which several members of Cyberveilig Nederland joined; Computest, DataExpert, Deloitte, Fox-IT, Kennedy Van der Laan, Tesorion, Trellix, and Responders.

Would you like more information about NFIR & project Melissa? Then contact us

Frequently asked questions about covenant 'Melissa'

Ransomware is hostage software that cybercriminals use to encrypt individuals’ or organizations’ data so that it is no longer accessible. Only after paying a ransom (“ransom”) will access the data again. Ransomware attacks can disrupt our society, such as businesses being shut down and hospitals being unable to provide care.

Project Melissa is a collaborative effort aimed at fighting ransomware. The project involves sharing tactical and operational information and increasing the risks and costs to cybercriminals.

Several public and private parties are participating, including the Public Prosecutor’s Office, the police (THTC), the National Cyber Security Center, and private parties such as NFIR, Computest, DataExpert, Deloitte, Fox-IT, Northwave, Kennedy Van der Laan, Tesorion, Trellix, and Responders.

NFIR, with its extensive experience in cybersecurity, plays a central role in the collaboration as one of the initiators. NFIR contributes by developing advanced detection tools, conducting training and awareness sessions, sharing knowledge and actively participating in response and recovery operations after ransomware attacks.

By using advanced technologies and strategies, Project Melissa has already prevented or minimized numerous ransomware attacks. Moreover, cooperation has led to faster exchange of crucial information on threats and legal action against cybercriminals.

The evaluation of cooperation is done based on the results achieved, such as the number of prevented attacks, the speed of information exchange, and the effectiveness of measures taken against cyber criminals.