Industry News

Dutch university pays $220,000 ransom to infamous Russian cybercrime ring

Maastricht University at the Brightlands Maastricht Health Campus Credits: Brightlands (under Creative Commons license)

The University of Maastricht in Holland has ended up paying a $220,000 ransom to a group of Russian hackers after an unwary employee fell for a phishing scam.

The university was attacked with ransomware on Christmas Eve, 2019, a month after the employee clicked on the phishing email, reported.

The group behind the attack has been identified by security firms as TA505 and Evil Corp, an infamous Russian cybercrime ring that has recently resurfaced with sophisticated attack techniques, according to an analysis by Microsoft and other researchers.

The attackers had demanded 30 Bitcoins, then worth about $220,000. At current prices, the figure would be closer to $300,000. The university reasoned it would be cheaper to cede to the attackers’ demands and pay for the decryption keys.

“The damage of that to the work of the students, scientists, staff, as well as the continuity of the institution, can scarcely be conceived,” University Vice-President Nick Bos said in a recent press conference.

Indeed, recovery after a ransomware contagion often costs more than the ransom itself. A notable example is the 2018 ransomware attack on the city of Atlanta in the state of Georgia. The municipality refused to pay a $51,000 ransom, then had to spend $17 million on recovery.

While ceding to attackers’ demands presents serious moral and ethical dilemmas, there are some cases in which the scales are heavily tipped in a single direction.

About the author


Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.