Maastricht University makes ‘profit’ after return of ransomware-crypto ransom

By admin On Jul 2, 2022

Spread the love

Maastricht University has recovered part of the cryptocurrency it paid as ransom for a ransomware attack in 2019 thanks to the police and the judiciary. At the time, the university paid 197,000 euros in crypto and is now getting 500,000 euros back.

At the time, the educational institution paid a total of 197,000 euros in ransom, so there is about 300,000 euros ‘profit’. Although a simple calculation might give the impression that the university is doing well with this, it itself states in internal communication that this is still ‘significantly less worth than the damage the university has suffered’.

According to the Volkskrant the cybercrime team of the Limburg police has tracked down the ransom. It was owned by a Ukrainian money launderer. He was interrogated in his home country and his crypto coins were confiscated. The seizure was in 2020, but the university has only now got the crypto back. Nevertheless, this waiting period has turned out to be somewhat positive for the university. Maastricht University says the money ‘will not go to general funds, but to a fund for ailing students’.

The funds that the university has received are not one to one from the same cryptocurrencies it paid in 2019. Part, namely 4.54 of the 30 bitcoin, is the original ransom. At the time, that was worth about 30,000 euros and at the time of writing about 18,500 euros. The rest of the funds up to 500,000 euros come from other crypto coins in the money launderer’s account. Despite the fact that, strictly speaking, this is not the university’s money, it does receive it. De Volkskrant writes that in a separate, longer reconstruction.

It seems that not only the money launderer involved is Ukrainian. In 2021, it was revealed that Ukrainian police, in conjunction with Interpol, had raided the country and arrested six suspects. At the time, it was not yet certain whether it was the Cl0p ransomware gang, but there was a lull in the group’s activity in the months that followed. Recently, more victims of Cl0p have come out, but that may be part of the group’s exit strategy, this is how Bleeping Computer writes.

Maastricht University was hit by the ransomware in December 2019. As a result, computers and systems could not be used for a long time. Education resumed in early January, without much trouble. As far as we know, few important systems or files were lost.

Update, 12.06 pm: added information about the value of the ‘profit’ compared to the damage suffered by the university, based on internal communication.

Update, ~1pm: additional information about origin 500,000 euros added.