Dutch University Recovers Bitcoins Paid in 2019 Ransomware Attack – Plans to Give It to Students in Need

Bit Defender Antivirus Plus

Maastricht University (UM) recently announced a remarkable development in the investigation into a 2019 cyber attack which forced it to make a Bitcoin payment to ransomware operators. UM has turned a profit off the attack after police succeeded in tracing the cryptocurrency.

In 2019, UM staff fell for a phishing lure that eventually let cybercriminals in its IT infrastructure. The attackers deployed ransomware and demanded that a Bitcoin payment be made to unfreeze the encrypted data.

According to the Vice-President of the Executive Board, Dr. Nick Bos, UM was faced with an ethical dilemma after the attack:

“On the one hand, there was the police’s advice and the moral objection against paying ransom,” reads the announcement. “On the other hand, there was the interests of the UM students, scientists and staff who no longer had access to their data and files. The study progress of students, scientific research and the continuity of the university were at stake. After ‘extremely difficult deliberations’ it was finally decided to pay the ransom.”

Fortunately for the University, the transaction left traces that eventually pointed to a money launderer in Ukraine.

Ukrainian authorities reportedly carried out a search and spoke with those involved, paving the way for the seizure of the cryptocurrency by the Dutch Public Prosecution Service.

“As early as February 2020, the investigation team froze a so-called wallet containing part of the paid ransom,” the university says. “The value of the cryptocurrencies found at that time was €40,000; at the current exchange rate, they are worth approximately €500,000.”

UM claims the sum is significantly less than the total damage incurred as a result of the ordeal. However, as the Ministry of Justice works to ensure that the money will eventually go back to UM, the university’s executive board already has big plans with the money – to help students in need.

“The cyber attack showed how vulnerable students can be in their study progress, but certainly also financially,” Vice-President Bos explains. “The crises we have experienced since then have only further underlined this vulnerability. In light of this, the Executive Board considers the use of these funds to help students in need very appropriate.”