Maastricht University Recovers Bitcoin Ransomware Payment, Makes Huge Profit


Maastricht University's 2019 Bitcoin ransom payment has been partially reimbursed, and the victim of the ransomware has even made a profit thanks to a more than tenfold increase in the value of the cryptocurrency.

The University Was Hit With Ransomware Three Years Ago

According to the university, a ransomware attack in 2019 prevented staff and students from accessing research data, email, or library resources.

The Register said the university reluctantly opted to pay a €200,000 ransom in Bitcoin to the ransomware attackers in order to resume operations.

Deutsche Welle (via Dutch newspaper De Volkskrant) reported that the risk of losing the data led to the university's decision to pay the ransom. Losing the data could have left some students unable to take exams or finish their academic papers.


Authorities Tracked Down the Payment

After conducting a thorough investigation, Dutch police were able to locate a Ukrainian money launderer's bank account to which €40,000 of the ransom had been transferred.

When the account was seized by the authorities, multiple cryptocurrencies were discovered therein. About two years later, they were able to give the educational institution their portion of the ransom back.

While the sum recovered was only around a fifth of the original ransom, the value of the Bitcoin held in the Ukrainian account has increased from its then-value of €40,000 to €500,000. The institution has more than doubled its 2019 payout, even without receiving the remaining ransom.

Deutsche Welle reported that police are still looking for the people who committed the attack, and that their investigation remains open.

What Will the University Do With the Retrieved Money?

The Register mentioned that the educational institution is unsure of whether or when it will be able to access the cryptocurrency because legal action is being taken to make sure the assets are returned to the university.

"This money will not go to a general fund, but into a fund to help financially strapped students," Maastricht University ICT director Michiel Borgers said (via Deutsche Welle).

Retrieving Ransomware Payout Is Not Unusual

The Register pointed out that because cryptocurrencies are not as anonymous as some claim, recoveries are feasible.

A separate report from The Register noted that in 2021, the US Department of Justice said it had recovered 63.7 of the 75 BTC that Colonial Pipeline paid to the cybercriminals who hacked the fuel supplier's computers with ransomware.

It was said that Colonial contacted the Federal Government shortly after some of its internal IT systems were infected by the extortionware in early May, causing a temporary halt in operations. The pipeline, which supplies the US East Coast, was shut down for days, which caused panic buying and left some gas stations out of fuel.

The Darkside team responsible for the attack received a ransom payment of 75 BTC.

It turns out that the Federal Government was able to trace this payment to a specific address, for which the FBI has the "private key." It is unclear how the FBI came to possess this "private key."


© 2024 iTech Post All rights reserved. Do not reproduce without permission.
