Dutch university pays $220,000 ransom to infamous Russian cybercrime ring

The University of Maastricht in Holland has ended up paying a $220,000 ransom to a group of Russian hackers after an unwary employee fell for a phishing scam.

The university was attacked with ransomware on Christmas Eve, 2019, a month after the employee clicked on the phishing email, bitcoinerx.com reported.

The group behind the attack has been identified by security firms as TA505 and Evil Corp, an infamous Russian cybercrime ring that has recently resurfaced with sophisticated attack techniques, according to an analysis by Microsoft and other researchers.

The attackers had demanded 30 Bitcoins, then worth about $220,000. At current prices, the figure would be closer to $300,000. The university reasoned it would be cheaper to cede to the attackers’ demands and pay for the decryption keys.

“The damage of that to the work of the students, scientists, staff, as well as the continuity of the institution, can scarcely be conceived,” University Vice-President Nick Bos said in a recent press conference.

Indeed, recovery after a ransomware contagion often costs more than the ransom itself. A notable example is the 2018 ransomware attack on the city of Atlanta in the state of Georgia. The municipality refused to pay a $51,000 ransom, then had to spend $17 million on recovery.

While ceding to attackers’ demands presents serious moral and ethical dilemmas, there are some cases in which the scales are heavily tipped in a single direction.