Maastricht University made profit through ransom repayment

Maastricht University received nearly 200 by course gain after paying ransom.09 € per year 963 now half a million euros back

After an investigation team from the public prosecutor’s office and the Dutch police were able to track down part of the ransom paid by Maastricht University after a hack, the educational institution got its money back in the spring of this year. However, since the payment in 2019, the bitcoins paid have experienced a significant increase in value. While they were about 200.

euros in Bitcoins, they now got stately 237. euros back. The university announced, however, that the money will not “flow into the general budget of the university, but will benefit a fund for students in need” . This was reported by Volkskrant.

Cyber ​​attack on Maastricht University led to ransom payment

Maastricht University was found on 23. December 2019 Victim of major ransomware attack. Criminal hackers completely paralyzed the IT infrastructure by encrypting hundreds of Windows servers and backup systems. As a result, neither the 23.000 Students, nor the academic staff have more access to data, the library or their e-mails.

For the provision of the key to unlock the data, the hackers then required approx. 200. Euro in Bitcoins as ransom. After a week’s consideration, those responsible decided to comply with the hackers’ demands. Otherwise a lot of personal data would have been lost. Students would not have been able to take exams or continue working on their thesis.

The Limburg Police Cybercrime Team succeeded in

to track down part of the ransom paid. They accordingly traced it to the wallet of a Ukrainian man who acted as a money launderer for the hackers. There were a number of different cryptocurrencies on the wallet, including the 40.000 EUR of the ransom paid by Maastricht University.

International cooperation led to a house search in Ukraine

The investigative team traveled 2021 to Ukraine, where the Ukrainian authorities searched the Ukrainian’s home at the request of the investigators and spoke to those involved. The investigations there paved the way for the eventual confiscation of the cryptocurrency. However, investigations into the hackers responsible for the attack on the educational institution and the hunt for the remaining ransom are still ongoing.

Metten Bergmeijer, team leader of the Limburg Police Cybercrime Team, announced in February this year on the case of University of Maastrich known:

“Every form of crime leaves traces, including crime in the digital world. Thanks to the good cooperation with the university and the cyber security company it commissioned, we were able to use the secured traces. Such cooperation is essential to conduct a proper criminal investigation. You can compare it to a burglary. As police, we are not repairing the door that the burglars destroyed, but we are interested in the fingerprints or other traces left on that door in our investigation. At some point the university had to give to the hackers 197.000 Pay ransom in euros. We’ve always believed that nothing should be paid for. But we respect and understand this choice in the face of all the dilemmas.”

Bitcoin appreciation caused redemption amounts to increase significantly

In February 2020 the investigative team froze the wallet to which part of the paid ransom went. The value of the cryptocurrencies it contained was around 40.000 Euro. However, in order to actually have access to the wallet, a judicial procedure must lead to a formal confiscation. This required, among other things, making demands and requests for legal assistance to international partners. A lengthy legal process that eventually led to the cryptocurrency being formally seized by prosecutors in April 2022. Due to the Bitcoin price increase, its value has increased to about 963.000 Euro.

Georges van den Eshof (Cybercrime Prosecutor) summed up:

“There are still legal steps to be taken. But the prosecution will do everything to recover the entire amount paid by the university. Around 200.000 They paid a ransom of EUR at the time, but of course the damage suffered was much greater. Think about purchasing new systems and working to get the network up and running again. The main aim of the confiscation is to compensate the university as much as possible. That was also one of the goals of our criminal investigations.”


Related Articles

Back to top button