The Netherlands Maastricht University has announced that an extended investigation into a ransomware attack in 2019 has finally resulted in the seizure of €500,000. Yet, what is remarkable is that Maastricht University only paid out €200,000 originally.
In 2019 Maastricht University was hit by a wave of malware which paralyzed the campus. The attack prevented staff and students from accessing research data, email, or library resources.
With no other immediate options open to them, the University reluctantly decided to pay the €200,000 ransom and was able to resume operations.
Maastricht University cooperated with the Dutch police and the Public Prosecution Service in an open and transparent manner. Partly due to this exchange of information, the cybercrime team of the police and the Public Prosecution Service succeeded in tracing and confiscating the cryptocurrency.
Following a trail, the investigation team travelled to Ukraine in 2021. The investigation in Ukraine eventually paved the way for the seizure of the cryptocurrency by the Dutch Public Prosecution Service.
As early as February 2020, the investigation team froze a so-called wallet containing part of the paid ransom in the form of cryptocurrency seized is currently at a value of €500,000.
While this still only makes up a fraction of the value of the original ransom, it is a happy development for the University in a world where very few ransoms are ever partially or wholly recovered.