University of Maastricht vice president Nick Bos announced at a press conference on Wednesday that the university had bowed to the cyberattackers’ demands, as it otherwise would’ve had to rebuild its entire IT network to get back online.
“The damage of that to the work of the students, scientists, staff, as well as the continuity of the institution, can scarcely be conceived,” said university vice president Nick Bos, as quoted by Reuters.
Bos confirmed the attackers gained entry to the network after compromising an employee’s email account in November 2019 via phishing.
By December 24 last year, the hackers had encrypted the university’s computer systems, including workstations and email servers, and demanded 30 BTC for a tool to unlock them (worth $216,000 then, $294,000 today).
Cybersecurity firm Fox-IT, hired by the University of Maastricht to recover its systems, found Russian-speaking cybercriminal group TA505, also known as Evil Corp, responsible for the attack.
Dudear (aka TA505/SectorJ04/Evil Corp), used in some of the biggest malware campaigns today, is back in operations this month after a short hiatus. While we saw some changes in tactics, the revived Dudear still attempts to deploy the info-stealing Trojan GraceWire.
— Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020
The US Department of Justice believes TA505 has caused over $100 million worth of losses since its inception, having hit financial institutions and retailers in several countries with its information-stealing Dridex malware.
A recent investigation found more than 1,000 potential TA505 victims across the world.
FBI urges victims not to pay Bitcoin ransoms
Ransomware incidents like these persist across the world. In the past two years, hackers have taken over the computer networks of governments, businesses, hospitals, and schools, often demanding millions of dollars in cryptocurrency (mostly Bitcoin) for a decryption tool.
They’re indeed so prevalent that the FBI issued a warning in October urging ransomware victims not to pay their hackers, lest they be encouraged to carry out more attacks.
As for the University of Maastricht, its computer systems are reportedly back online and now fully operational.
Published February 7, 2020 — 11:27 UTC