Cryptocurrency volatility worked out in a victim’s favor at Maastricht University. The school paid a ransom worth €200,000 in 2019 and is set to receive recovered funds from the criminals’ account now worth €500,000.
Maastricht said once received, it would deposit the money in a fund for students in need.
The Dutch Public Prosecution Service traced the €40,000 worth of cryptocurrency from the ransom to an account they were able to freeze in February of 2020. In the 17 months since, that cryptocurrency increased in value more than tenfold.
The university noted that even the gain of €300,000 was not enough to offset the total cost of recovering from the attack.
In 2021, the opposite situation affected Colonial Pipeline when the bulk of its ransom was recovered. U.S. authorities were able to claw back 63.7 of the 75 bitcoin Colonial Pipeline paid in ransom mere months after the ransom was paid. But bitcoin had plummeted in value, meaning the dollar value of the bitcoin recovered was $2.3 million — only about half of the $4.4 million ransom the company paid.
Maastricht’s ransomware attack was carried out by affiliates of the Cl0p group. The university prominently displays a hanging digital sculpture by artist Richard Vijgen it commissioned to commemorate the event.
The funds are currently being held in an account owned by the Dutch Public Prosecution Service, with the Ministry of Justice instigating proceedings to get the money to the school.
Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.