University Makes Profit on Recovered Ransomware Payment
University Forced to Pay Up
Maastricht University – a Dutch college founded in 1976 that provides degree-level education to about 22,000 students – found itself on the receiving end of a ransomware attack in December 2019.
The attack is thought to have been carried out by a threat group called TA505 (which also goes by the names of SectorJ04 and Evil Corp). They were able to break into the university’s systems via phishing emails before deploying ransomware payloads.
Maastricht was forced to pay 30 Bitcoins in ransom – equivalent to roughly $218,000 at the time.
The attack stopped students and university staff from being able to access their emails, as well as the platforms they need to perform research.
The decision to give in to the threat actor’s demands was not an easy one. As the University explained in a statement on the matter, it involved weighing up “the police’s advice and the moral objection against paying ransom” with “the interests of the UM students, scientists, and staff who no longer had access to their data and files.”
Recovering the Money…With Added Interest
In early 2020, the team investigating the ransomware attack froze a crypto wallet that contained part of the ransom. When the wallet was frozen, there was around $40,000 worth of cryptocurrency inside.
However, at the current exchange rate, that figure is now approximately $550,000 – even though the wallet didn’t contain the full ransom haul, it’s over double the amount that was initially demanded by the threat actors who orchestrated the attack.
Although the recovery is impressive, given that most ransomware attacks leave the victims completely out of pocket, the cost of the ransomware attack on the university’s cybersecurity infrastructure is significantly higher than the more than half a million dollars recovered.
Currently, the funds are being held by the Public Prosecution Service in the Netherlands.
According to the University, the Ministry of Justice will ensure the funds are eventually transferred back to the educational institution, which will use them to create a fund for students in need.
Protecting Yourself and Your Business From Ransomware
Maastricht University’s attackers found their way into the college’s network via phishing emails, which illustrates the importance of ensuring everyone inside your organization can recognize a suspicious email and the tell-tale signs of phishing.
We’re in an age where almost every end user’s device represents a potential way in for a hacker. Yet-to-be-patched system vulnerabilities and out-of-date software allow for more intra-network lateral movement than ever before. Poorly trained staff and poor data security practices at an organizational level will widen the attack surface even further.
This means you need to upskill, update and upgrade. Upskill your staff with cybersecurity training, update your systems with the latest software iterations, and upgrade antivirus software with ransomware protection. Making these things a priority is your best bet.