The University of Maastricht has revealed it paid hackers a ransom of 30 bitcoin, worth over $200,000 at the time, for the hackers to lift a ransomware attack blocking its systems.
According to Reuters, the hackers managed to infiltrate the university’s system back in October after a staff member clicked on a file within a phishing email. After infecting the staff members’ laptop, the hackers infiltrated the organization’s network to finally deploy the ransomware on December 23.
The Vice President of the university, Nick Bos, said that it decided to pay the 30 BTC ransom after considering its options, which would include rebuilding the organization’s IT network from the ground up. He was quoted as saying:
The damage of that to the work of the students, scientists, staff, as well as the continuity of the institution, can scarcely be conceived.
Fox-IT, a cybersecurity firm that helped the university recover from the attack, identified the hacking group responsible for it as the Russian-speaking organization TA505. Ransomware attacks have been increasing, so much so that insurers raised premiums on cybersecurity as much as 25%, Reuters reports.
In statements sent to the press Oz Alashe, CEO of cyber security awareness platform and cloud data analytics platform, CybSafe, noted that in an ideal world organizations wouldn’t respond to ransomware threats, but that in this case the university was “backed into a corner.”
The group behind the attack is reportedly known to be financially motivated, and for being successful with ransomware attacks. In a statement sent to CryptoGlobe, Alashe added that if an organization has system backups there’s “generally no reason to pay a ransom.”
Paying a ransom like this is really a measure of last resort. The University of Maastricht is now likely to become a target for other cyber criminal groups, who will be encouraged by the fact it has paid up in this instance. Even when an organisation pays a ransom, this is no guarantee that they will be able to get their files back unencrypted. That being said, it appears in this instance that the criminals cooperated.
While in some situations the victims are able to negotiate ransoms, it’s unclear whether the university negotiated this one down to 30 BTC, or whether they simply met the hackers’ demands.
Featured image via Unsplash.