Search This Blog

Showing posts with label Dutch University. Show all posts

Maastricht University Retrieves Ransom Amount Paid in 2019


Earlier this month, the southern Maastricht University (UM) in Netherland with more than 22,000 students, revealed that it had retrieved the ransom paid after a ransomware assault that targeted its network in December 2019. 

After a detailed investigation of the incident, Fox-IT researchers attributed the attack to a financially motivated hacker gang tracked as TA505 (or SectorJ04). The hacking group has been active since at least 2014 and has primarily targeted retail and financial organizations. 

The hackers breached the university's systems through phishing e-mails in mid-October and installed Clop ransomware payloads on 267 Windows systems on December 23, after moving laterally via the network. 

After a week, the university decided to accede to the criminal gang's demand and paid a 30 bitcoin ransom (roughly €200,000 at the time) for the ransomware decryptor. This was partly because private data was in danger of being lost and students were unable to take an exam or work on their theses. Secondly, the rebuilding of all compromised systems from scratch or creating a decryptor were not viable options. 

"It is a decision that was not taken lightly by the Executive Board. But it was also a decision that had to be made," University explained in a blog post. "We felt, in consultation with our management and our supervisory bodies, that we could not make any other responsible choice when considering the interests of our students and staff."

However, as UM recently revealed, the local police traced and seized a wallet containing the cryptocurrency paid by the university as ransom in 2019.

"The investigation [..] eventually paved the way for the seizure of the cryptocurrency by the Dutch Public Prosecution Service. As early as February 2020, the investigation team froze a so-called wallet containing part of the paid ransom," UM said. The value of the cryptocurrencies found at that time was €40,000; at the current exchange rate, they are worth approximately €500,000."

Although this might appear like the university made a considerable profit within a relatively short time, the €500,000 seized by Netherlands' Public Prosecution Service represents significantly less than the damage inflicted during the ransomware attack. These seized funds are now in a bank account under the control of the law enforcement agents, and the Ministry of Justice has already initiated legal proceedings to transfer them to the university.

Dutch University Receives Bitcoin Ransom Paid in 2019


The southern Maastricht University in Netherland that fell victim to a major ransomware assault has partly received back its stolen money, a local news organization reported on Saturday. 

The Dutch University suffered a large cyberattack in 2019 that locked them, and their students, out of valuable data until they agreed to pay a €200,000 ($208,000) ransom in Bitcoin which hackers demanded to decrypt the data.

"The criminals had encrypted hundreds of Windows servers and backup systems, preventing 25,000 students and employees from accessing scientific data, library and mail," the daily De Volkskrant told. 

"After a week the university decide to accede to the criminal gang's demand," the paper said. This was partly because personal data was in danger of being lost and students were unable to take an exam or work on their theses.” 

As part of an investigation into the cyberattack, local police traced part of the ransom paid to an account belonging to a money launderer in Ukraine. In 2020, the authorities seized the perpetrator's account, which contained a number of different cryptocurrencies including part of the ransom money paid by Maastricht University. 

Earlier this week, the authorities were able to return the ransom back to the university. But the value of the Bitcoin held in the Ukrainian account has increased from its then-value of €40,000 to €500,000.

"When, now after more than two years, it was finally possible to get that money to the Netherlands, the value had increased from 40,000 euros to half-a-million euros," the paper further read. Maastricht University will now get the 500,000 euros ($521,000) back. 

"This money will not go to a general fund, but into a fund to help financially strapped students," Maastricht University ICT director Michiel Borgers stated. 

The administrators of Maastricht University should count themselves lucky as they were able to retrieve their stolen money. Last year, the University of California paid $1.14 million to NetWalker attackers after they encrypted data within its School of Medicine’s servers, and the University of Utah paid hackers $457,000 to prevent them from releasing data stolen during an attack on its network. 

In 2021, ransomware attackers targeted 58 U.S. education organizations and school districts, including 830 individual schools, according to the report published by Emsisoft threat analyst Brett Callow. Emsisoft estimates that in 2020, 84 incidents disrupted learning at 1,681 individual schools, colleges, and universities.