Hackers infiltrated Maastricht Univ. network months before €200K ransomware payout

Hackers that infected Maastricht University's network with ransomware were in the network for over two months before they attacked, was revealed in the forensic investigation into the attack. "They first mapped out the network in order to be able to roll out the ransomware as well as possible," security expert Frank Groenenweg of Fox-IT, who was involved in the investigation, said to NOS.

The forensic investigation showed that the attack started with two phishing emails. When university employees clicked on links in the emails, the hackers were able to infect the network with ransomware.

The care the hackers took to map out the network meant that they could block access to large parts of the university's network, including to its backups This left the university no choice but to pay the 30 bitcoins in ransom that the hackers demanded, Nick Bos, vice president of Maastricht University, said to the broadcaster. "At that time it was 200 thousand euros."

According to Bos, it was a difficult decision to make, but in the end the university had no choice but to pay up. If they hadn't, the university would have had to close for a month, he said. "Then students would not have been able to graduate, employees would not have received a salary, and we would have been unable to do research."

VVD parliamentarian Dennis Wiersma wants to know where the money came from with which the university paid the ransom. "If it turns out that this is education money, the VVD finds that really unacceptable," he said to NOS. According to him, the hack should not be at the expense of the quality of education.