University magazine: Maastricht University paid ransom after ransomware attack
According to sources from the university magazine Observant, Maastricht University has paid the ransom for the ransomware that affected the educational institution. It would be ‘a few tons’. A spokesperson declined to confirm.
The independent journal relies on ‘well-entered sources’ within UM. The university was hit by a major ransomware attack on Christmas Eve. As a result, almost all systems were no longer accessible. Last week it was announced that the university was in contact with the attackers. University spokesman Fons Elbersen would not confirm or deny whether the ransom was actually paid. He refers to an update on the website. In it, the university writes that it will no longer disclose information about the attack in the near future as long as the investigation is still ongoing. “We have two important considerations in this regard,” the university writes. “The external investigation is in full swing and we will share the results and our learnings as soon as they are known. As part of that investigation, we do not want to communicate anything that could complicate digital security in any way.”
In the meantime, various systems or parts thereof are said to be in operation. These are information systems around timetables, study material via EleUM and the Student Portal. According to the UM, these have to do with limited functionality. The UM mail and the file servers cannot be used yet. Education will therefore resume from 6 January. The university also asked students and staff to reset their passwords. A significant part of this has already been done, says Elbersen. Password resetting is standard protocol in such an incident. As far as we know, there was no immediate reason for this.
According to Observant, ‘a few hundred thousand’ had been paid for the ransomware. It is not known how high the actual amount would be. Elbersen doesn’t want to say anything about that either. That amount is in line with previous attacks with Clop, the specific ransomware that has now struck. The university has no insurance that covers the damage caused by ransomware. More and more insurers are offering to reimburse the ransom in the event of a ransomware infection.