Dutch University Recovers Bitcoin Paid in 2019 Ransomware Attack

Colin Thierry
Colin Thierry Writer
Colin Thierry Colin Thierry Writer

Dutch university Maastricht University (UM) announced earlier this month that it was able to recover the Bitcoin it paid to ransomware operators in 2019 after police successfully traced the cryptocurrency. 

UM staff fell for a phishing lure in 2019 that let cybercriminals enter its IT infrastructure. The hackers deployed ransomware and demanded that a Bitcoin payment be made to unfreeze the encrypted data.

According to Dr. Nick Bos, the Vice President of the Executive Board, UM was faced with an ethical dilemma.

“On the one hand, there was the police’s advice and the moral objection against paying the ransom,” read the university’s announcement. “On the other hand, there were the interests of the UM students, scientists, and staff who no longer had access to their data and files. The study progress of students, scientific research, and the continuity of the university were at stake. After ‘extremely difficult deliberations’ it was finally decided to pay the ransom.”

However, the ransom payment transaction left traces that eventually pointed to a money launderer in Ukraine.

Reportedly, Ukrainian authorities carried out a search and spoke with those involved, which eventually allowed the Dutch Public Prosecution Service to seize the cryptocurrency.

“As early as February 2020, the investigation team froze a so-called wallet containing part of the paid ransom,” the university said. “The value of the cryptocurrencies found at that time was €40,000; at the current exchange rate, they are worth approximately €500,000.”

According to UM, the sum is significantly less than the total damage incurred as a result of the incident. The university also plans to use the recovered money to help students in need.

The cyber attack showed how vulnerable students can be in their study progress, but certainly also financially,” Vice President Bos explained. “The crises we have experienced since then have only further underlined this vulnerability. In light of this, the Executive Board considers the use of these funds to help students in need very appropriate.”

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.