The University of Maastricht publicly revealed that it paid a ransom of 30 bitcoins to recover its computer systems following a ransomware attack.

Nick Bos, vice president of the university, shared what officials knew about the digital attack at a press conference.

Bos noted that the security incident began when phishers successfully compromised the email account of a university employee in November 2019.

The ransomware infection unfolded in earnest on December 24, locking up the university’s computer systems and thereby preventing employees from accessing their emails or workstations.

After learning of the infection, the University of Maastricht retained the help of digital security firm Fox-IT to investigate what had happened. This effort traced the incident to TA505, a digital threat group which is well known for its malware attacks. Back in summer 2019, for instance, researchers spotted TA505 using an Excel 4.0 macro dropper to infect unsuspecting users with a new variant of the ServHelper backdoor.

According to Bos, the University of Maastricht considered rebuilding its entire IT network following the ransomware attack but ultimately decided against it. As quoted by iTnews:

The damage of that to the work of the students, scientists, staff, as well as the continuity of the institution, can scarcely be conceived.

In response, the university decided to meet the attackers’ demands by sending over a ransom payment of 30 bitcoin. This amount of cryptocurrency was worth more than 265,000 Euros and close to 300,000 USD at the time of writing.

News of the University of Maastricht’s ransomware infection came just one day after Dundee and Angus College revealed that it had been a victim of a digital attack. Just a week prior to that, officials at Regis University decided to pay attackers following a ransomware incident, reported The Denver Post.

These attacks highlight the (Read more...)