University of Maastricht Paid 30 Bitcoins to Ransomware Attackers

Posted on February 6, 2020
PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers
The University of Maastricht publicly revealed that it paid a ransom of 30 bitcoins to recover its computer systems following a ransomware attack.
logo_45140-200x108.gif
Nick Bos, vice president of the university, shared what officials knew about the digital attack at a press conference. Bos noted that the security incident began when phishers successfully compromised the email account of a university employee in November 2019. The ransomware infection unfolded in earnest on December 24, locking up the university's computer systems and thereby preventing employees from accessing their emails or workstations. After learning of the infection, the University of Maastricht retained the help of digital security firm Fox-IT to investigate what had happened. This effort traced the incident to TA505, a digital threat group which is well known for its malware attacks. Back in summer 2019, for instance, researchers spotted TA505 using an Excel 4.0 macro dropper to infect unsuspecting users with a new variant of the ServHelper backdoor. According to Bos, the University of Maastricht considered rebuilding its entire IT network following the ransomware attack but ultimately decided against it. As quoted by iTnews:
The damage of that to the work of the students, scientists, staff, as well as the continuity of the institution, can scarcely be conceived.
In response, the university decided to meet the attackers' demands by sending over a ransom payment of 30 bitcoin. This amount of cryptocurrency was worth more than 265,000 Euros and close to 300,000 USD at the time of writing. News of the University of Maastricht's ransomware infection came just one day after Dundee and Angus College revealed that it had been a victim of a digital attack. Just a week prior to that, officials at Regis University decided to pay attackers following a ransomware incident, reported The Denver Post. These attacks highlight the need for organizations to defend themselves against a ransomware infection. One of the best ways they can do this is by using these tips to prevent an attack in the first place.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!