Maastricht University paid ransom following cyberattack

Illustratie VIN-JD/Pixabay

Just before Christmas 2019, Maastricht University was hit by a cyberattack involving ransomware. The attack took down all of the university’s systems. Staff and students were unable to use their email programmes and the university’s research activities were also seriously disrupted.

Nick Bos, vice-president of Maastricht University’s executive board describes the episode as an ‘impossible dilemma’. In the end, the interests of students, researchers and staff decided the issue: failure to pay the ransom could have led to months of delay before the university was able to resume its teaching and research activities.

Following the payment, part of the university’s computer systems was back online on 2 January. University newspaper Observant reported unofficially that same day that the university had indeed paid ransom, though the exact amount was unclear. Despite fears that revealing the amount has now set a precedent for other cyber criminals, Bos said he wanted to be transparent about the situation and put an end to speculation.

Pot of money
Bos acknowledges that universities and universities of applied sciences are responsible for their own digital security. Nevertheless, they are funded for education and research, he adds. There is no additional pot of money for high investments in cyber security. And Maastricht University alone has to deal with over one thousand attempted digital attacks every day. He believes the cyberattack represents a ‘wake-up call for the entire education sector’.

Phishing email
Security company Fox-IT, which investigated the cyberattack at the expense of the university, suspects that the attack was carried out by a group of East European hackers known to authorities since 2014 as ‘Grace-RAT’ of ‘TA505’. On 15 October they infiltrated the laptop of a university staff member who had clicked on a link in a phishing email. One month later they had taken complete control of the network, enabling them to install ransomware on 23 December.

Utrecht University was targeted as well, but could repel the attack, it-specialists told DUB in an interview.