The University (UM) of the Dutch city of Maastricht fell victim to a ransomware attack on Dec. 23, 2019, according to my research (see Ransomware infects Maastricht University). All computer systems have been shut down for the moment. Of course, it was super fitting that December 24 was Christmas Eve, because the administrators had focused on Christmas and the students were probably also mostly on Christmas vacation.
As a result of the ransomware infection, all IT systems had to be taken offline. The latest statement from the university, dated January 27, 2020, says that students can copy, print and scan again with internal systems. In February 2020, it was revealed (see this Reuters article) that the university had paid 200,000 euros in ransom in the form of 30 Bitcoins.
As part of the investigation into the cyberattack, Dutch police came across a bank account (specifically, it was a crypto-wallet) that belonged to a money launderer in Ukraine, as can be read here. A relatively small part of the ransom – around 40,000 euros in bitcoin – had been deposited in this account. Dutch prosecutors were able to seize the account in 2020 and found a number of different cryptocurrencies as assets.
Negotiations over the return of the funds from this account dragged on. Dutch authorities have now been able to return the partial ransom to the university after more than two years of negotiations. However, the value of the bitcoin in the Ukrainian account has increased from 40,000 euros at the time to 500,000 euros.
Maastricht University ICT Director Michiel Borgers commented, “This money will not go into a general fund, but into a fund that helps financially struggling students.” So now the university has gotten back twice the amount that was paid as a ransom. Could have turned out differently. Currently, the prosecutors are also trying to arrest those behind the attack – but this is likely to be rather difficult.