Dutch university recovered ransomware payment with a $300k profit

Updated on: 05 July 2022

Vilius Petkauskas
Deputy Editor

Bitcoin-screen-hacker — Image by Shutterstock.

Even though the authorities recovered only a fraction of the payment made in Bitcoin three years ago, the victim made a solid profit.

Dutch authorities recently recovered a slice of the funds the Netherlands’ Maastricht University paid to perpetrators in a ransomware attack.

Threat actors from the now-defunct Clop ransomware group breached the university in late December 2019 and demanded the organization cough up $197,000 or 30 bitcoins.

The attack took down the university’s internal IT systems and email services, halting any digital activities. While the authorities advised against paying up, the university decided to comply with the demands.

“On the one hand, there was the police’s advice and the moral objection against paying ransom; on the other hand, there was the interests of the UM students, scientists and staff who no longer had access to their data and files,” reads the statement by the university.

With the help of their counterparts in Ukraine, Dutch authorities succeeded in freezing part of the ransom payment in February 2020. At the time, the crypto assets were worth $40,000, only a fifth of the total payment.

However, at current prices, the same amount of Bitcoin is worth around half a million dollars, several times more than the initial payment. The Netherlands’ Ministry of Justice and the university are working to recover the funds.

While the recovered sum exceeds the amount that was transferred to threat actors after the attack, the university hardly considers that a profit.

“While it may seem like a lot of money, it is significantly less than the damage the university actually suffered as a result of the attack,” the statement says.

The university claims that if recovered, the money will be directed to support students in need.