Maastricht University paid ransom following cyberattack

The board of Maastricht University has admitted paying ransom to the hackers who carried out a major cyberattack just before Christmas last year. To regain access to their computer systems, the university had to fork out 197,000 euros.

photo Makstrom / Shutterstock

Just before Christmas 2019, Maastricht University was hit by a cyberattack involving ransomware. The attack took down all of the university’s systems. Staff and students were unable to use their email programs and the university’s research activities were also seriously disrupted.


Nick Bos, vice-president of Maastricht University’s executive board describes the episode as an ‘impossible dilemma’.  In the end, the interests of students, researchers and staff decided the issue: failure to pay the ransom could have led to months of delay before the university was able to resume its teaching and research activities.

Following the payment, part of the university’s computer systems was back online on 2 January. University newspaper Observantreported  unofficially that same day that the university had indeed paid ransom, though the exact amount was unclear. Despite fears that revealing the amount has now set a precedent for other cyber criminals, Bos said he wanted to be transparent about the situation and put an end to speculation.

Pot of money

Bos acknowledges that universities and universities of applied sciences are responsible for their own digital security. Nevertheless, they are funded for education and research, he adds. There is no additional pot of money for high investments in cyber security. And Maastricht University alone has to deal with over one thousand attempted digital attacks every day. He believes the cyberattack represents a ‘wake-up call for the entire education sector’.

Phishing email

Security company Fox-IT, which investigated the cyberattack at the expense of the university, suspects that the attack was carried out by a group of East European hackers known to authorities since 2014 as ‘Grace-RAT’ of ‘TA505’. On 15 October they infiltrated the laptop of a university staff member who had clicked on a link in a phishing email. One month later they had taken complete control of the network, enabling them to install ransomware on 23 December.

Share this article