Maastricht University: Companies must be public about ransomware
Companies and institutions that fall victim to ransomware should be more public about this, say Maastricht University and science institute Wetsus. The institutes themselves became victims of ransomware, and are calling on companies to talk about it.
Institutions that tell more about how they became victims can help others with this. Ransomware infections have to come ‘out of the dark’, says ICT director Jacques Beursgens of Maastricht University to the program De Kennis Van Nu. He refers to the University of Antwerp, which was hit by ransomware in the same way as his own university, presumably by the same criminals. “If information about that infection had been better shared internationally, we would have been able to arm ourselves better against it.”
According to Beursgens, there are still too many companies that prefer to keep an infection quiet. “We have shared it very openly with the world, but you still see that the shutters go down at companies that this happens every day.” Beursgens says companies should join other companies that are affected. “But help each other.”
In addition to Maastricht University, scientific research institute Wetsus was recently hit by ransomware. The company says it has come out with this ‘to warn people’. “You can blame yourself for everything, but on the other hand, this is a life-size risk for everyone,” says general director Johannes Boonstra against the TV program. “If it happens to you, be prepared so that you don’t have to consult with criminals like we do.”
Both Maastricht University and Wetsus paid the ransom for the attack. The first involved an amount of 30 bitcoins, at the time 197,000 euros. Wetsus won’t say how much it paid. The institute does say that the amount ‘was lower than the damage if we did not pay’.
The university later released more information about the attack at a symposium. At the time, the university said it wanted to provide as much openness as possible in order to warn other educational institutions and companies and let them learn from the situation.