Maastricht University caved and paid ransom to hackers

They paid almost $220,000 to the hackers.


On Christmas Day, we covered a ransomware attack that hit Maastricht University in the Netherlands.

Shortly after the new year, it was then reported that the university allegedly fixed their problem by paying over $100,000 to the hackers in order to regain access to their systems.

As it turns out, they did in fact take the route of paying the hackers, but the figure was closer to 200,000 than 100,000, or whatever 30 bitcoin was equivalent to back then.

As of the time of this writing, 30 bitcoin is worth almost $300,000.

The Dutch university held a press conference on February 5th that they livestreamed on YouTube.

The purpose of the press conference and the livestream was to share what they've learned from the attack on their system, in the hopes that other institutions could learn from their experience.

This is clearly reflected in the stream's title: “Lessons learned cyberattack UM”.

As it turns out, they had received two phishing emails that were opened on two different workstations on the 15th and 16th of October 2019.

That was how the hackers obtained access to their systems and gained control over several of the university's servers.

On November 21st, the attackers exploited a server that did not have the latest security updates.

This allowed them to obtain full root admin access to the university's entire network infrastructure.

It wasn't until December 23rd that the attack was detected, due to the ransomware infection.

According to the university, “as many as two hundred UM employees did not spend the Christmas holidays undisturbed at home, but worked at least part-time.”

The university justified their decision to pay the ransom saying it was the easier alternative. “Making or having a ‘decryptor' yourself is, according to experts, either impossible or will take a very long time. And not [paying] means that UM must rebuild all infected systems completely from scratch,” in addition to all the lost data.

Faced with this dilemma, they “ultimately made a decision that was entirely focused on the interest of students, staff and the institution.”

They were able to welcome students back on January 6th with “little or no irreparable damage.”


Carl Sinclair

Carl Sinclair is a technology reporter covering anti-competetive practices and privacy issues for Reclaim The Net. [email protected]