Authored By: Lamia Eid
The Hague University of Applied Sciences
I. Introduction
Ransomware is a form of cybercrime that encrypts an individual’s or an organization’s system, blocks access, and demands payment, typically in cryptocurrency, in exchange for restoring access.[1] Payment of a ransom does not, however, guarantee decryption.[2] The consequences of such malware extend far beyond payment: victims suffer data loss, reputational harm, and financial, societal, and operational disruption.[3]
In the Netherlands, ransomware has evolved from an isolated technical disruption into a widespread, system-level threat. The Dutch Data Protection Authority recorded 178 successful ransomware attacks in 2023.[4] Criminals target organizations across various sectors, specifically those holding sensitive information in their databases. The threat is not merely financial: the Dutch Cybersecurity Assessment 2025 identified state-supported actors from Russia, China, and North Korea as responsible for ransomware attacks against several Dutch organizations, and reported that the Netherlands’s first confirmed incident of cyber sabotage was by a Russian state-affiliated group.[5] Most recently, on 7 April 2026, a ransomware attack on ChipSoft – whose medical records system is used by 55 out of 76 Dutch hospitals- led to patients’ sensitive data being stolen.
Despite the scale and sophistication of this threat, the successful prosecution of ransomware criminals in the Netherlands remains exceptionally rare. The Wet Computercriminaliteit III (“Wet CC III”) established significant new investigative powers in 2019, yet the volume of attacks continues to outpace the rate of successful prosecutions. This article argues that four legal challenges: anonymization, jurisdiction, evidence admissibility, and underreporting collectively constitute the existing framework insufficient to address ransomware at scale, and that targeted legislative and procedural reform is necessary to close this gap. The article proceeds by setting out the applicable legal framework before examining each challenge in turn, evaluating the Wet CC III, and proposing a course of reform.
II. Legal Framework
Ransomware attacks are prosecuted under several computer offense provisions within the Dutch Penal Code (Wetboek van Strafrecht, “Sr”). Article 138ab Sr criminalizes data breaches, hacking, and other illicit access.[6] Article 350a Sr criminalizes the malware dissemination, which is the core mechanism for ransomware encryption.[7] While Article 350b Sr provides an aggravated offense when significant infrastructure is attacked, imposing a maximum sentence of fifteen years imprisonment.[8] The extortion and blackmail inherent in ransom demands fall under Article 317 Sr.[9] These provisions, while comprehensive in scope, share a common limitation: they were designed for domestic enforcement and provide little independent guidance on cross-border investigation or attribution in technically complex cases.[10]
At the European Union level, the General Data Protection Regulation (“GDPR”) requires affected organizations to notify the supervisory authority within 72 hours of becoming aware of a data breach, to avoid fines of up to €20 million or four per cent of annual turnover.[11] Directive 2013/40/EU requires Member States to penalize attacks against information systems and calls for a rapid response for urgent matters in fighting ransomware across borders.[12] Though it does not resolve the procedural delays that undermine evidence gathering in practice.
Internationally, the Budapest Convention on Cybercrime provides the principal multilateral framework for cross-border investigations of cybercrime.[13] It harmonizes offences, establishes mutual legal assistance procedures among its parties, and, through Articles 29 and 35, introduces an expedited evidence preservation mechanism and a 24/7 contact point network.[14] The convention’s utility is, however, significantly constrained by the non-ratification of Russia and China, which are among the primary state actors identified as supporting ransomware operations against the Dutch targets.[15]
III. Challenges in Prosecution
Anonymization
Detecting the perpetrator with adequate certainty to satisfy criminal evidential standards is the most technical hurdle to ransomware prosecution. Ransomware operators deploy a layered anonymization infrastructure intentionally created to defeat the standard tracking mechanisms. This infrastructure, therefore, includes an anonymity network, commercial virtual private network (“VPN”) services, and bulletproof hosting providers located in such a non-cooperative jurisdiction, using international bank accounts and cryptocurrency wallets.[16]
The use of multiple access points represents a primary obstacle for investigators. Perpetrators operate through public Wi-Fi at a restaurant, airport, or hotel. Law enforcement officials tracking the IP address will find the access point, yielding no further identity information.[17] Perpetrators also use VPNs or proxies, adding another barrier to finding the suspect.
Cryptocurrency serves as the financial foundation allowing this anonymization architecture. Since 2011, with the emergence of cryptocurrencies, ransomware attackers have been able to collect ransoms at scale through pseudonymous transfers, making it substantially harder to detect the suspect.[18] Although a wallet can be traced on the blockchain, deanonymizing the account owner requires a long legal process in another state, returning the investigation to the jurisdictional barriers discussed in the following section.
Jurisdiction & Territoriality
The investigation and prosecution of cybercrime are conducted locally, but are also restricted by physical borders, whereas ransomware attacks are inherently cross-border. The general principle affirmed by the Permanent Court of International Justice in the Lotus case is that states can investigate crimes on their own territory under their own terms.[19] However, law enforcement bodies may not set enforcement operations in a foreign territory without permission or a treaty.[20]
The mutual legal assistance system carried out by bilateral treaties, the Budapest Convention on Cybercrime, and within the EU through the European Investigation Order, is a principal mechanism for cross-border evidence gathering. Requests must go through the central authorities, be translated into the legal language of the requested state, and be processed by foreign judicial systems. Average processing times of months or years are incompatible with the rapid deterioration and movement of digital evidence.[21]
Another issue is the lack of clear geographic attribution of cloud-based evidence. Cryptocurrency, exchange data, server logs, and communication relevant to ransomware investigations may be divided across multiple jurisdictions or hosted entities of unknown locations.[22] This produces a legal deadlock, where the location of an exchange cannot be determined.
The jurisdictional gap is particularly acute given the geographic origin of major ransomware groups. The 2025 Dutch Cybersecurity Assessment documented attacks by Chinese state actors, Russian actors, and North Korean theft operations, none of which are within reach of Dutch extradition arrangements.[23] Article 35 of the Budapest Convention introduces a contact point network and an expedited evidence preservation mechanism. Article 29 offers partial solutions, but their use is limited by Russia and China’s non-ratification.
The Convention emphasizes cross-border investigations and similarly criminalizes harmful behaviour. It outlines how states should regulate certain investigation powers under their national law, providing the necessary measures for law enforcement authorities to investigate cybercrimes. It builds legal assistance procedures regarding cybercrime investigations between states to achieve better outcomes. However, Russia and China have not ratified the Convention.[24]
Digital Evidence Admissibility
Even where investigators successfully identify a suspect and gather evidence across borders, that evidence must satisfy Dutch admissibility requirements.[25] Dutch courts assess not only the substantive quality of evidence but also formal compliance with the procedural rules governing its collection, including those governing international information exchange. Evidence gathered in violation of these rules may be inadmissible in court. In a complex cross-border ransomware case, digital evidence passes through several legal regimes in succession, each creating a potential gap that the prosecution must account for.[26]
Inter-agency requests take a considerable amount of time to process and lack a comprehensive governance framework to ensure the integrity and continuity of evidence.[27] The risks this creates are not merely theoretical: in 2020, French law enforcement covertly installed malware on the EncroChat encrypted messaging platform and shared intercepted messages with the Netherlands through a Joint Investigation Team. Following this, the Dutch prosecutions based on these data faced sustained legal challenges, including over 100 lawyers who signed an open letter arguing that the prosecutor’s refusal to disclose the methodology used by France made it impossible for the defendant to challenge the authenticity and integrity of the evidence, which is a potential violation of the right to a fair trial under Article 6(1) of the European Convention on Human Rights.[28]
Underreporting
Underreporting is considered to be the most fundamental gap in the prosecution of ransomware in the Netherlands, because it prevents the vast majority of attacks from ever entering the criminal justice system.[29] Research demonstrates that between 77 and 95 per cent of ransomware incidents are never reported to the police.
In 2025, just 65 incidents were reported to the police. However, not all victims are reporting the attack or engaging with a response firm; therefore, the actual number of ransomware attacks remains unclear but likely higher than the annual report.[30] The Dutch Cybersecurity Monitor found that only 18 per cent of incidents were reported to the police, with reporting rates decreasing among smaller companies.[31]
The barriers to reporting are structural and mutually reinforcing. Most victims prioritize maintaining a good reputation and business continuity over the criminal process. Many of them believe that law enforcement officials cannot deliver a meaningful remedy, a perception that the current enforcement practice has done little to address such matters.[32] Victims also face financial and administrative costs when filing a report, incurring time for an uncertain outcome.[33] Additionally, victims prefer to get assistance from alternative sources, such as a response firm, family, or other financial agencies.[34]
Small organizations frequently find it difficult to approach the police, afford specialist response firms, or appear on ransomware leak sites because attackers prefer high-profile targets to build a reputation. As a small company, reporting will not benefit their position.[35] Research on a specific ransomware indicated that ransomware victims have a 2-5 per cent willingness to report an attack.[36]
IV. Evaluation of the Wet Computercriminaliteit III
The Wet CC III illustrates significant progress in legislation in the Netherlands’ response to cybercrime. This is most clearly demonstrated by operational successes that the new powers enabled: the 2021 takedown of the Emotet botnet and DoubleVPN – an essential VPN service for ransomware attacks – and Dutch contributions to the disruption of the LockBit infrastructure in 2024. The criminalization of data fencing under Article 139g Sr also closed a significant gap concerning the trade in stolen credentials.[37]
Nevertheless, substantial gaps still exist. Between April 2021 and April 2024, this covert hacking power was deployed in 89 incidents, though most were traditional crimes rather than cybercrimes.[38] The status is neither legally nor practically developed regarding the prosecution of ransomware outside Dutch jurisdiction. Furthermore, while judges are expected to assess evidence collected through hacking-back operations, this occurred occasionally, meaning a genuine constitutional basis for the decryption duty needs to be properly upheld.
Most significantly, the Wet CC III does not address the underreporting gap. Legislation creating investigative powers is of limited value when only a small fraction of incidents is reported to the authorities in the first place. This discrepancy points to a fundamental disconnect between the law as written and the law as applied: without reports, investigators cannot exercise their powers, and the deterrent effect of prosecution cannot materialize.
V. Conclusion
The rarity of ransomware prosecutions in the Netherlands is not the product of a single legislative failure but of four compounding structural barriers: the layered anonymization, infrastructure deployed by perpetrators, jurisdictional constraints that are particularly acute give the geographic origin of major threat actors; the admissibility requirements that digital evidence gathered across multiple legal regimes must satisfy; and the systemic underreporting that prevents most incidents from entering the criminal justice system at all. The Wet CC III addresses some of these barriers, as evidenced by its operational successes, but it does not resolve the fundamental tension between the territorial structure of criminal law and the inherently cross-border nature of ransomware.
Reform must operate on two levels. At the international level, the Netherlands should use its position within the EU to press for faster mutual legal assistance procedures and expanded Budapest Convention ratification, while strengthening bilateral operational partnership with non-party jurisdictions where possible. At the national level, the priority should be increasing victim reporting rates. One avenue worth investigating is whether insurers could require a police report as a condition of paying out ransomware-related claims, mirroring existing practice for property theft, which would simultaneously increase the volume of reports and provide law enforcement with the rich data necessary to identify patterns, target criminal networks, and demonstrate the value of engagement to future victims. Without addressing underreporting, no amount of legislative refinement will bring prosecutions into proportion with the scale of the threat.[39]
Bibliography
Legislation
Wetboek van Strafrecht.
Wet Computercriminaliteit III (Stb 2018, 322), in force March 2019.
Regulation (EU) 2016/679 (General Data Protection Regulation) [2016] OJ L 119/1.
Directive 2013/40/EU of the European Parliament and of the Council on attacks against information systems [2013] OJ L 218/8.
Convention on Cybercrime (opened for signature 23 November 2001, entered into force 1 July 2004) ETS No 185.
European Convention on Human Rights (adopted 4 November 1950, entered into force 3 September 1953) 213 UNTS 221.
Cases
The Case of the S.S. Lotus (France v Turkey) (Judgment) PCIJ Series A No 10.
Case C-670/22 M.N. (EncroChat) EU:C:2024.
Books
Leukfeldt ER & Kleemans ER, ‘Breaking the Walls of Silence: Analyzing Criminal Investigations to Improve our Understanding of Cybercrime’ in A Lavorgna and TJ Holt (eds), Researching Cybercrimes (Springer 2021).
Journals
Opderbeck DW, ‘Cybersecurity and Data Breach Harms: Theory and Reality’ (2022) 82 Maryland Law Review 1001.
Meurs T, Junger M, Cruyff M and van der Heijden PGM, ‘Estimating the Number of Ransomware Attacks’ (2025) Journal of Quantitative Criminology https://link.springer.com/article/10.1007/s10940-025-09625-7.
Luuk Bekkers, Rutger Leukfeldt and Edward Kleemans, ‘Police Investigations Into Financial-Economic Cybercriminal Networks: The Experiences and Perceptions of Dutch Law Enforcement’ (2025) European Journal on Criminal Policy and Research https://link.springer.com/article/10.1007/s10610-025-09615-2.
Van Roomen T, ‘Cross-Border Evidence Gathering in Criminal Crypto Investigations: A Case Study of the Netherlands’ (2025) Tilburg Law Review.
Matthijsse SR, van Hoff-de Goede MS, Leukfeldt ER, ‘To report or not to report: Exploring the motivations and factors associated with reporting of ransomware victimisation among entrepreneurs’ (2025) 97 Journal of Criminal Justice 102378 https://www.sciencedirect.com/science/article/pii/S0047235225000273.
Official Reports
Autoriteit Persoonsgegevens, Ransomware Report (October 2024) https://www.autoriteitpersoonsgegevens.nl/en/documents/ransomware-report accessed 9 May 2026.
van den Berg B, Weggemans D and Nobbenhuis M, Collaboration Against Ransomware: Evaluation Melissa (Universiteit Leiden, Institute of Security and Global Affairs) https://www.cyberveilignederland.nl/upload/userfiles/images/news/150-11400%20Report%20layout%20Collaboration%20against%20Ransomware_ENG_01.pdf accessed 10 May 2026.
National Cyber Security Center, Jaarbeeld Ransomware 2025 (February 2026) https://www.ncsc.nl/nieuws/jaarbeeld-ransomware-2025 accessed 11 May 2026.
National Cyber Security Center, Jaarbeeld Ransomware 2024 (November 2025) https://www.ncsc.nl/ransomware/jaarbeeld-ransomware-2024 accessed 11 May 2026.
Statistics Netherlands (CBS), Cybersecurity monitor 2023 (CBS 2024) https://www.cbs.nl/nl-nl/longread/rapportages/2024/cybersecuritymonitor-2023?utm_source=chatgpt.com accessed 11 May 2026.
National Coordinator for Counterterrorism and Security, Cybersecurity Assessment Netherlands 2025 (November 2025) https://english.nctv.nl/site/binaries/site-content/collections/documents/2025/12/02/cybersecurity-assessment-netherlands-2025/Cybersecurity+Assessment+Netherlands+2025.pdf accessed 12 May 2026.
Wetenschappelijk Onderzoek- en Datacentrum (WODC), ‘Evaluatie Wet Computercriminaliteit 3’ (2025) https://repository.wodc.nl/bitstream/handle/20.500.12832/3505/rapport-meer-mogelijkheden-voor-opsporing-en-vervolging-computercriminaliteit.pdf?sequence=1&isAllowed=y accessed 11 May 2026.
Websites
Council of Europe, ‘Risks and challenges’ (Ransomware) https://www.coe.int/en/web/ransomware/risks-and-challenges accessed 10 May 2026.
Oerlemans JJ, ‘Death by Ransomware’ (Montaigne Centre Blog, 2 October 2020) https://blog.montaignecentre.com/en/death-by-ransomware/.
Loohuis K, ‘Dutch police disrupt half of ransomware operations, finds embedded PHD student’ (Computer Weekly, March 2025) https://www.computerweekly.com/news/366620387/Dutch-police-disrupt-half-of-ransomware-operations-finds-embedded-PHD-student accessed 28 April 2026.
Netherlands Digital Government, ‘ICT sector hit hardest by ransomware’ (February 2025) https://www.nldigitalgovernment.nl/news/ict-sector-hit-hardest-by-ransomware/ accessed 13 May 2026.
NOREA, Ransomware in Control https://www.norea.nl/uploads/bfile/4a629796-5601-4dad-ae56-3699f3ad4106 accessed 10 May 2026.
Council of Europe, ‘Parties/Observers to the Budapest Convention and Observer Organisation to the T-CY’ https://www.coe.int/en/web/cybercrime/parties-observers accessed 11 May 2026.
Supreme Court of the Netherlands, ‘Supreme Court issues preliminary ruling in EncroChat and SkyECC cases’ (13 June 2023) https://www.hogeraad.nl/actueel/nieuwsoverzicht/2023/juni/supreme-court-issues-preliminary-ruling-encrochat-and-skyecc-cases/#:~:text=The%20cases%20concerned%20phones%20made%20available%20by,of%20which%20used%20servers%20located%20in%20France accessed 12 May 2026.
[1] Netherlands Digital Government, ‘ICT sector hit hardest by ransomware’ (February 2025) https://www.nldigitalgovernment.nl/news/ict-sector-hit-hardest-by-ransomware/ accessed 13 May 2026.
[2] David W Opderbeck, ‘Cybersecurity and Data Breach Harms: Theory and Reality’ (2022) 82 Maryland Law Review 1001.
[3] Bibi van den Berg, Daan Weggemans and Manon Nobbenhuis, Collaboration Against Ransomware: Evaluation Melissa (Universiteit Leiden, Institute of Security and Global Affairs) 6 https://www.cyberveilignederland.nl/upload/userfiles/images/news/150-11400%20Report%20layout%20Collaboration%20against%20Ransomware_ENG_01.pdf accessed 10 May 2026.
[4] Autoriteit Persoonsgegevens (AP), ‘Rapportage ransomware: Gebrekkige beveiliging maakte twee op de drie getroffen organisaties kwetsbaar’, 2024.
[5] National Coordinator for Counterterrorism and Security, Cybersecurity Assessment Netherlands 2025 (November 2025) https://english.nctv.nl/site/binaries/site-content/collections/documents/2025/12/02/cybersecurity-assessment-netherlands-2025/Cybersecurity+Assessment+Netherlands+2025.pdf accessed 10 May 2026, 5.
[6] Wetboek van Strafrecht (Dutch Criminal Code), art 138ab (Netherlands).
[7] Wetboek van Strafrecht (Dutch Criminal Code), art 350a (Netherlands).
[8] Wetboek van Strafrecht (Dutch Criminal Code), art 350b (Netherlands).
[9] Wetboek van Strafrecht (Dutch Criminal Code), art 317 (Netherlands).
[10] Wet Computercriminaliteit III (Stb 2018, 322), in force March 2019.
[11] Regulation (EU) 2016/679 (General Data Protection Regulation) [2016] OJ L 119/1, art 33.
[12] Directive 2013/40/EU of the European Parliament and of the Council on attacks against information systems [2013] OJ L 218/8.
[13] Convention on Cybercrime (opened for signature 23 November 2001, entered into force 1 July 2004) ETS No 185, art 23.
[14] Convention on Cybercrime (opened for signature 23 November 2001, entered into force 1 July 2004) ETS No 185, art 31.
[15] Council of Europe, ‘Parties/Observers to the Budapest Convention and Observer Organisation to the T-CY’ https://www.coe.int/en/web/cybercrime/parties-observers accessed 11 May 2026.
[16] Luuk Bekkers, Rutger Leukfeldt and Edward Kleemans, ‘Police Investigations Into Financial-Economic Cybercriminal Networks: The Experiences and Perceptions of Dutch Law Enforcement’ (2025) European Journal on Criminal Policy and Research 15 https://link.springer.com/article/10.1007/s10610-025-09615-2 accessed 9 May 2026.
[17] Tom Meurs, Marianne Junger, Maarten Cruyff and Peter G M van der Heijden, ‘Estimating the Number of Ransomware Attacks’ (2025) Journal of Quantitative Criminology 2 https://link.springer.com/article/10.1007/s10940-025-09625-7 accessed 10 May 2026.
[18] NOREA, Ransomware in Control https://www.norea.nl/uploads/bfile/4a629796-5601-4dad-ae56-3699f3ad4106 accessed 10 May 2026, 6-9.
[19] The Case of the S.S. Lotus (France v Turkey) (Judgment) PCIJ Series A No 10.
[20] Tessa van Roomen, ‘Cross-Border Evidence Gathering in Criminal Crypto Investigations: A Case Study of the Netherlands’ (2025) Tilburg Law Review 131 https://tilburglawreview.com/articles/10.5334/tilr.423 accessed 11 May 2026.
[21] Tessa van Roomen, ‘Cross-Border Evidence Gathering in Criminal Crypto Investigations: A Case Study of the Netherlands’ (2025) Tilburg Law Review 131 https://tilburglawreview.com/articles/10.5334/tilr.423 accessed 11 May 2026.
[22] Tessa van Roomen, ‘Cross-Border Evidence Gathering in Criminal Crypto Investigations: A Case Study of the Netherlands’ (2025) Tilburg Law Review 128 https://tilburglawreview.com/articles/10.5334/tilr.423 accessed 11 May 2026.
[23] National Coordinator for Counterterrorism and Security, Cybersecurity Assessment Netherlands 2025 (November 2025) https://english.nctv.nl/site/binaries/site-content/collections/documents/2025/12/02/cybersecurity-assessment-netherlands-2025/Cybersecurity+Assessment+Netherlands+2025.pdf accessed 12 May 2026, 5.
[24] Council of Europe, ‘Parties/Observers to the Budapest Convention and Observer Organisation to the T-CY’ https://www.coe.int/en/web/cybercrime/parties-observers accessed 11 May 2026.
[25] Jan-Jaap Oerlemans, ‘Death by ransomware’ (Montaigne Centre Blog, 2020) https://blog.montaignecentre.com/en/death-by-ransomware/ accessed 12 May 2026.
[26] E. Rutger Leukfeldt & Edward R. Kleemans, ‘Breaking the Walls of Silence: Analyzing Criminal Investigations to Improve our Understanding of Cybercrime’ in A Lavorgna and TJ Holt (eds), Researching Cybercrimes (Springer 2021) 132.
[27] Luuk Bekkers, Rutger Leukfeldt and Edward Kleemans, ‘Police Investigations Into Financial-Economic Cybercriminal Networks: The Experiences and Perceptions of Dutch Law Enforcement’ (2025) European Journal on Criminal Policy and Research 4 https://link.springer.com/article/10.1007/s10610-025-09615-2 accessed 13 May 2026
[28] Supreme Court of the Netherlands, ‘Supreme Court issues preliminary ruling in EncroChat and SkyECC cases’ (13 June 2023) https://www.hogeraad.nl/actueel/nieuwsoverzicht/2023/juni/supreme-court-issues-preliminary-ruling-encrochat-and-skyecc-cases/#:~:text=The%20cases%20concerned%20phones%20made%20available%20by,of%20which%20used%20servers%20located%20in%20France accessed 12 May 2026.
[29] E. Rutger Leukfeldt & Edward R. Kleemans, ‘Breaking the Walls of Silence: Analyzing Criminal Investigations to Improve our Understanding of Cybercrime’ in A Lavorgna and TJ Holt (eds), Researching Cybercrimes (Springer 2021) 128.
[30] National Cyber Security Center, Jaarbeeld Ransomware 2025 (February 2026) https://www.ncsc.nl/nieuws/jaarbeeld-ransomware-2025 accessed 11 May 2026.
[31] Statistics Netherlands (CBS), Cybersecurity monitor 2023 (CBS 2024) https://www.cbs.nl/nl-nl/longread/rapportages/2024/cybersecuritymonitor-2023?utm_source=chatgpt.com accessed 11 May 2026.
[32] Tom Meurs, Marianne Junger, Maarten Cruyff and Peter G M van der Heijden, ‘Estimating the Number of Ransomware Attacks’ (2025) Journal of Quantitative Criminology 4 https://link.springer.com/article/10.1007/s10940-025-09625-7 accessed 12 May 2026.
[33] Sifra R. Matthijsse, M. Susanne van Hoff-de Goede, E. Rutger Leukfeldt, ‘To report or not to report: Exploring the motivations and factors associated with reporting of ransomware victimisation among entrepreneurs’ (2025) 97 Journal of Criminal Justice 102378, 2 https://www.sciencedirect.com/science/article/pii/S0047235225000273 accessed 13 May 2026.
[34] Sifra R. Matthijsse, M. Susanne van Hoff-de Goede, E. Rutger Leukfeldt, ‘To report or not to report: Exploring the motivations and factors associated with reporting of ransomware victimisation among entrepreneurs’ (2025) 97 Journal of Criminal Justice 102378 https://www.sciencedirect.com/science/article/pii/S0047235225000273 accessed 13 May 2026.
[35] Tom Meurs, Marianne Junger, Maarten Cruyff and Peter G M van der Heijden, ‘Estimating the Number of Ransomware Attacks’ (2025) Journal of Quantitative Criminology https://link.springer.com/article/10.1007/s10940-025-09625-7 accessed 12 May 2026.
[36] Tom Meurs, Marianne Junger, Maarten Cruyff and Peter G M van der Heijden, ‘Estimating the Number of Ransomware Attacks’ (2025) Journal of Quantitative Criminology 5 https://link.springer.com/article/10.1007/s10940-025-09625-7 accessed 12 May 2026.
[37] National Cyber Security Center, Jaarbeeld Ransomware 2024 (November 2025) https://www.ncsc.nl/ransomware/jaarbeeld-ransomware-2024 accessed 11 May 2026.
[38] Wetenschappelijk Onderzoek- en Datacentrum (WODC), ‘Evaluatie Wet Computercriminaliteit 3’ (2025) 18-19 https://repository.wodc.nl/bitstream/handle/20.500.12832/3505/rapport-meer-mogelijkheden-voor-opsporing-en-vervolging-computercriminaliteit.pdf?sequence=1&isAllowed=y accessed 11 May 2026.
[39] Tessa van Roomen, ‘Cross-Border Evidence Gathering in Criminal Crypto Investigations: A Case Study of the Netherlands’ (2025) Tilburg Law Review 130 https://tilburglawreview.com/articles/10.5334/tilr.423 accessed 12 May 2026.
