The University of Maastricht suffered a ransomware attack that demanded a ransom of 30 bitcoins, equal to almost 300,000 American dollars.
The news was spread by Reuters, which reveals that the attack dates back to December 24th, while the payment was made a few days ago when actually the value of the 30 BTC was about $220,000.
The attack blocked the University’s IT systems, including e-mails and computers, after which their attackers requested payment in bitcoin for the unlocking.
The university’s vice president, Nick Bos, explained that they decided to pay after considering alternatives, including the entire reconstruction of their computer network from scratch.
The University was helped in analyzing the incident by the cybersecurity company Fox-IT, which identified the hackers as the Russian-speaking criminal group TA505.
Unfortunately, these types of attacks are constantly growing, to the extent that it even seems that insurance companies have been forced to increase premiums on cybersecurity policies by 25%, considering that large companies, hospitals and airports are now also being attacked.
CEO of the CybSafe cloud data analysis and cybersecurity awareness platform CybSafe, Oz Alashe, commented:
“In the ideal world, organisations should never respond to ransomware threats. Doing so only serves to fund the actions of organised crime networks and rogue nation-state actors. But in this case, it appears the university was backed into a corner. Rebuilding its entire IT infrastructure from scratch may well have been more expensive than simply paying the 30 bitcoin ransom.
The group blamed for this attack, TA505, are financially motivated and are known for their various successful ransomware strains. It seems likely, based on the group’s previous activity, that this malware was delivered via a phishing campaign”.