University Makes Profit on Recovered Ransomware Payment

While good news, the university stated that it was still out of pocket due to the additional costs of the attack.

A Dutch university recently revealed that it recovered some of the $218,000 in cryptocurrency it paid out after a ransomware attack in 2019 – which had increased to almost twice the value of the original ransom.

Although the university successfully managed to recoup significantly more money than was originally extorted from it, the sum will not cover the cost of rebuilding the institution’s cybersecurity infrastructure.

Cyberattacks on universities and businesses are becoming increasingly common, with hackers and ransomware groups actively exploiting system vulnerabilities and companies without good antivirus software or cybersecurity infrastructure.

University Forced to Pay Up

Maastricht University – a Dutch college founded in 1976 that provides degree-level education to about 22,000 students – found itself on the receiving end of a ransomware attack in December 2019.

The attack is thought to have been carried out by a threat group called TA505 (which also goes by the names of SectorJ04 and Evil Corp). They were able to break into the university’s systems via phishing emails before deploying ransomware loads.

Maastricht was forced to pay 30 Bitcoins in ransom – equivalent to roughly $218,000 at the time.

The attack stopped students and university staff from being able to access their emails, as well as the platforms they need to perform research.

The decision to give in to the threat actor’s demands was not an easy one. As the University explained in a statement on the matter, it involved weighing up “the police’s advice and the moral objection against paying ransom” with “the interests of the UM students, scientists, and staff who no longer had access to their data and files.

Recovering the Money…With Added Interest

In early 2020, the team investigating the ransomware attack froze a crypto wallet that contained part of the ransom. When the wallet was frozen, there was around $40,000 worth of cryptocurrency inside.

However, at the current exchange rate, that figure is now approximately $550,000 –  even though the wallet didn’t contain the full ransom haul, it’s over double the amount that was initially demanded by the threat actors who orchestrated the attack.

Although impressive – most ransomware attacks leave the victims completely out of pocket – the cost of the ransomware attack on the university’s cybersecurity infrastructure is significantly higher than the more than half a million recovered.

Currently, the funds are being held by the Public Prosecution Service in the Netherlands.

According to the University, The Ministry of Justice will ensure the funds are eventually transferred back to the education institution, which it will use to create a fund for students in need.

Protecting Yourself and Your Business From Ransomware

Maastricht University’s attackers found their way into the college’s network via phishing emails, which illustrates the importance of ensuring everyone inside your organization can spot what a suspicious email looks like, and the tell-tale signs of phishing.

We’re in an age where almost every end-users’ device represents a potential way in for a hacker. Yet-to-be-patched system vulnerabilities and out-of-date software allow for more intra-network lateral movement than ever before. Poorly trained staff and poor data security practices at an organizational level will widen the attack surface even further.

This means you need to upskill, update and upgrade. Upskill your staff with cybersecurity training, update your systems with the latest software iterations, and upgrade antivirus software with ransomware protection. Making these things a priority is your best bet.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Aaron Drapkin is's Content Manager. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol six years ago. Aaron's focus areas include VPNs, cybersecurity, AI and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, Cybernews, Lifewire, HR News and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, ProPrivacy, The Week, and covering a wide range of topics.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is's top-rated VPN service See Deals