University recovers 2019 ransom to find value of cryptocurrency skyrocketed – SC Media
Cryptocurrency volatility worked out in a victim’s favor as Maastricht University. The school paid a ransom worth €200,000 in 2019 and is set to receive recovered funds from the criminals’ account now worth €500,000.
Maastricht said once received, it would deposit the money in a fund for students in need.
The Dutch Public Prosecution Service traced the €40,000 worth of cryptocurrency from the ransom to an account they were able to freeze in February of 2020. In the 17 months since, that cryptocurrency increased in value more than tenfold.
The university noted that even the gain of €300,000 was not enough to offset the total cost of recovering from the attack.
In 2021, the opposite situation impacted Colonial Pipeline when the brunt of its ransom was recovered. U.S. authorities were able to claw back 63.7 out of the 75 bitcoin Colonial Pipeline paid in ransom mere months after the ransom was paid. But bitcoin had plummeted in value, meaning the dollar value of the bitcoin recovered was $2.3 million — only about half of the $4.4 million ransom they paid.
Maastricht’s ransomware attack was carried out by affiliates of the Cl0p group. The university prominently displays a hanging digital sculpture by artist Richard Vijgen it commissioned to commemorate the event.
The funds are currently being held in an account owned by the Dutch Public Prosecution Service, with the Ministry of Justice instigating proceedings to get the money to the school.
Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.
SiliconAngle reports that California-based College of the Desert had its online services and phone lines disrupted by a “malware attack” on the Fourth of July.
BleepingComputer reports that more ransomware groups and hacking operations have been using the Brute Ratel threat simulation tool instead of Cobalt Strike to conceal their attacks from antivirus and endpoint detection and response systems.
Copyright © 2022 CyberRisk Alliance, LLC All Rights Reserved This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.