
#CyberWeekly

Jan 26 - Feb 1, 2026

Ransomware surge: 45% increase in 2025, SMEs in the crosshairs

Ransomware attacks rose 45% in 2025, with SMEs accounting for over two-thirds of victims

NordStellar research reveals a staggering 9,251 ransomware cases in 2025 — a 45% jump from 2024's 6,395 cases. Experts predict the number will exceed 12,000 incidents in 2026. For Belgian SMEs, the message is clear: you're the target.

The data shows what attackers already know:

  • Over two-thirds of attacks target businesses with fewer than 500 employees — SMEs generate enough revenue to pay ransoms but often lack the security infrastructure and recovery capabilities of larger organizations
  • Manufacturing is the hardest hit — production downtime translates to immediate financial losses, making manufacturers more likely to pay
  • Belgium has 130 victims on ransomware leak sites — spanning logistics, healthcare, insurance, and retail
  • Attack speed is relentless — 78% of organizations reduce security staffing on weekends and holidays, when 52% of ransomware attacks occur

This isn't about sophisticated exploits. Most ransomware succeeds through basic tactics: phishing emails, unpatched systems, weak passwords, and missing backups. If you're subject to NIS2, you're required to address these fundamentals. If you're not, you should anyway — because the alternative is appearing on a leak site.

Read the full NordStellar report →

Platform Spotlight: Knowledge base goes live with 50 articles

50 articles, 3 languages, analytics tracking — cybersecurity knowledge without the jargon

This week we launched the Learn section — 50 articles covering NIS2, CyberFundamentals, security basics, practical guides, and industry-specific advice. Every article is available in English, Dutch, and French. Every article has images, breadcrumbs, and cross-language links. And every image was converted to WebP, loading 93% faster than before.

What's inside:

We also launched self-hosted analytics this week — so we can see which topics matter most to Belgian SMEs and expand accordingly. No third-party trackers, no cookies, just clean data to guide our content roadmap.

Explore the Learn section →

LockBit takedown hero honored by King Charles in New Year Honours

Justice served — broken chains, shattered locks, and the honor of disrupting one of history's most destructive ransomware gangs

Gavin Webb, the UK National Crime Agency officer who led Operation Cronos, received an OBE in King Charles III's New Year Honours list. Operation Cronos was the 2024 international effort that disrupted LockBit, one of the most prolific ransomware gangs in history.

Why this matters:

  • LockBit was responsible for 25% of all ransomware attacks globally — disrupting them saved countless businesses from encryption and extortion
  • The gang is still active — despite the takedown, LockBit has rebuilt infrastructure and resumed attacks, showing the cat-and-mouse nature of ransomware enforcement
  • International coordination works — Operation Cronos involved agencies from the UK, US, France, Germany, Japan, and Australia. Ransomware is global; the response must be too

Gavin Webb's recognition highlights a simple truth: fighting ransomware requires both technical capability and relentless coordination. For SMEs, the lesson is similar — ransomware defense isn't one tool or one backup. It's a system of overlapping protections that makes you a harder target than the business next door.

Full story on Computing UK →

European Space Agency opens criminal investigation after 500GB data theft

The European Space Agency confirmed a criminal investigation after hackers claimed they stole 500GB of sensitive data, including operational procedures, spacecraft details, and proprietary contractor information from SpaceX, Airbus, and Thales Alenia Space. This follows a December breach where 200GB of ESA data was listed for sale on BreachForums.

What was exposed:

  • Operational procedures and spacecraft mission details — the kind of data that could compromise future launches or satellite operations
  • Subsystems documentation — technical blueprints for space infrastructure
  • Proprietary contractor data — source code, access tokens, hardcoded credentials, and Terraform files from ESA partners

The breach started in September when attackers exploited a publicly known vulnerability, one with a published CVE (Common Vulnerabilities and Exposures) entry. By the time ESA noticed, 500GB had already been exfiltrated. This is a textbook supply chain risk — not just ESA's systems, but the contractors, subcontractors, and vendors connected to them.

For Belgian SMEs working with critical infrastructure or public sector clients, the takeaway is clear: your security posture affects your partners. If you're in the supply chain, you're part of the attack surface.

Read the investigation details →

Belgium NIS2: Self-assessment deadline approaching (April 18, 2026)

Belgian entities subject to NIS2 must submit their CyFun® AL Basic or Important self-assessment — or their ISO 27001 documentation — to the CCB by April 18, 2026. That's 12 weeks from today.

What you need to do:

  • If you chose direct CCB oversight: Submit your self-assessment using the CyFun® Assurance Level framework (Basic or Important depending on your classification). Alternatively, submit your ISO 27001 information security policy, scope, and statement of applicability.
  • If you chose sectoral oversight: Check with your sectoral authority (e.g., BIPT for telecom, NBB for finance) for their specific submission requirements and deadlines.
  • Not sure which applies to you? Review our NIS2 requirements guide or check the CCB Safeonweb portal for registration and oversight details.

If you're behind on your self-assessment, now is the time to catch up. The CCB has been clear: NIS2 enforcement is real, and penalties range up to €10 million or 2% of global turnover. Use the remaining 12 weeks to get your documentation in order.

See the NIS2 compliance checklist →

Visit CCB Safeonweb NIS2 portal →



easycyberprotection.com