Maastricht University makes ‘profit’ after returning ransomware crypto ransom
Maastricht University has recovered part of the cryptocurrency it paid as a ransom for a ransomware attack in 2019 thanks to the police and the judiciary. The university paid 197,000 euros in crypto at the time and is now getting 500,000 euros back.
The educational institution paid a total of 197,000 euros in ransom at the time, so there is a ‘profit’ of about 300,000 euros. Although a simple calculation might give the impression that the university is doing well with this, it itself states in internal communication that this is still ‘significantly less than the damage the university has suffered’.
According to the Volkskrant the cybercrime team of the Limburg police tracked down the ransom. It was in the hands of a Ukrainian money launderer. He was interrogated in his home country and his crypto coins were confiscated. The seizure was in 2020, but the university has only now got the cryptocurrency back. Nevertheless, this waiting time has turned out to be somewhat positive for the university. Maastricht University says that the money ‘will not go to general funds, but to a fund for students in need’.
The funds the university has received are not one-to-one of the same crypto coins it paid in 2019. In part, namely 4.54 of the 30 bitcoin, it is the original ransom. That was worth about 30,000 euros at the time and about 18,500 euros at the time of writing. The rest of the funds up to 500,000 euros come from other cryptocurrencies on the money launderer’s account. Although this is not strictly speaking the university’s money, it does receive it. De Volkskrant writes that in a separate, longer reconstruction.
It seems that not only the money launderer involved is Ukrainian. In 2021 it came out that the Ukrainian police conducted raids in the country in collaboration with Interpol and six suspects were arrested. At that time it was not yet certain whether it was the Cl0p ransomware gang, but in the following months there was a lull in the group’s activity. More victims of Cl0p have recently come out again, but that may be part of the group’s exit strategy, Bleeping Computer writes.
Maastricht University was hit by the ransomware in December of 2019. As a result, computers and systems were unusable for a long time. Education resumed at the beginning of January without many problems. As far as is known, few important systems or files were lost.
Update, 12:06 PM: added information about the value of the ‘profit’ compared to the damage suffered by the university, based on internal communication.
Update, ~1pm: additional information about origin 500,000 euros added.