Maastricht University gets partial ransom back after ransomware attack in 2019

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,592
Content source
https://borncity.com/win/2022/07/03/uni-maastricht-erhlt-teil-lsegeld-nach-ransomware-angriff-in-2019-zurck/
Partial success for Maastricht University, following a ransomware attack in 2019. Investigators have managed to seize part of the Bitcoin ransom payments. Due to price increases, this amount is now worth more than the entire ransom at the time. The university plans to put the amount into a fund for students. Here is some information about an incident that is ending with a profit for the university.

The University (UM) of the Dutch city of Maastricht fell victim to a ransomware attack on Dec. 23, 2019, according to my research (see Ransomware infects Maastricht University). All computer systems have been shut down for the moment. Of course, it was super fitting that December 24 was Christmas Eve, because the administrators had focused on Christmas and the students were probably also mostly on Christmas vacation.

As a result of the ransomware infection, all IT systems had to be taken offline. The latest statement from the university, dated January 27, 2020, says that students can copy, print and scan again with internal systems. In February 2020, it was revealed (see this Reuters article) that the university had paid 200,000 euros in ransom in the form of 30 Bitcoins.

As part of the investigation into the cyberattack, Dutch police came across a bank account (specifically, it was a crypto-wallet) that belonged to a money launderer in Ukraine, as can be read here. A relatively small part of the ransom – around 40,000 euros in bitcoin – had been deposited in this account. Dutch prosecutors were able to seize the account in 2020 and found a number of different cryptocurrencies as assets.

Negotiations over the return of the funds from this account dragged on. Dutch authorities have now been able to return the partial ransom to the university after more than two years of negotiations. However, the value of the bitcoin in the Ukrainian account has increased from 40,000 euros at the time to 500,000 euros.

Maastricht University ICT Director Michiel Borgers commented, "This money will not go into a general fund, but into a fund that helps financially struggling students." So now the university has gotten back twice the amount that was paid as a ransom. Could have turned out differently. Currently, the prosecutors are also trying to arrest those behind the attack – but this is likely to be rather difficult.
Click to expand...
borncity.com

Maastricht University gets partial ransom back after ransomware attack in 2019

[German]Partial success for Maastricht University, following a ransomware attack in 2019. Investigators have managed to seize part of the Bitcoin ransom payments. Due to price increases, this amount is now worth more than the entire ransom at the time. The university plans to put the amount into a f
borncity.com
 
  • Applause
  • Like
  • +Reputation
Reactions: Andy Ful, plat, Nevi and 4 others
upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
I recall this case very well.

malwaretips.com

Ransomware Hits Maastricht University, All Systems Taken Down

Maastricht University (UM) announced that almost all of its Windows systems have been encrypted by ransomware following a cyber-attack that took place on Monday, December 23. UM is a university from the Netherlands with over 18,000 students, 4,400 employees, and 70,000 alumni, UM being placed...
malwaretips.com malwaretips.com
 
  • Like
Reactions: Andy Ful, plat, Nevi and 5 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,592

Maastricht University wound up earning money from its ransom payment​

However, as UM recently revealed, in a "remarkable development," the Netherlands Public Prosecution Service traced and seized a wallet containing the cryptocurrency paid by the university as ransom in 2019.

"The investigation [..] eventually paved the way for the seizure of the cryptocurrency by the Dutch Public Prosecution Service. As early as February 2020, the investigation team froze a so-called wallet containing part of the paid ransom," UM said.

"The value of the cryptocurrencies found at that time was €40,000; at the current exchange rate, they are worth approximately €500,000."

Although this might seem like the university made a considerable profit within a relatively short time, the €500,000 seized by law enforcement agents represents significantly less than the damage inflicted during the ransomware attack.

These seized funds are now in a bank account under the control of the Netherlands' Public Prosecution Service, and the Ministry of Justice has already initiated legal proceedings to transfer them to UM.

After recovering the money, UM Executive Board said it wants to create a fund that would allow the university to help students in need.

"The cyber attack showed how vulnerable students can be in their study progress, but certainly also financially," explains Vice-President Bos.

"The crises we have experienced since then have only further underlined this vulnerability. In light of this, the Executive Board considers the use of these funds to help students in need very appropriate."
Click to expand...
www.bleepingcomputer.com

Maastricht University wound up earning money from its ransom payment

Maastricht University (UM), a Dutch university with more than 22,000 students, said last week that it has recovered the ransom paid after a ransomware attack that hit its network in December 2019.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
Reactions: Andy Ful
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Sad
Medusa ransomware claims attack on Open University of Cyprus
Replies
0
Views
1,216
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
vtqhtr413
    • Like
Ransomware gang hijacks university alert system to issue threats
Replies
0
Views
760
News Archive
vtqhtr413
vtqhtr413
Viking
    • Wow
    • Like
    • +Reputation
New ‘DarkBit’ ransomware gang shuts down Technion, demands $1.7 million ransom
Replies
0
Views
551
News Archive
Viking
Viking

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top