Skip links

Dutch University retrieves Bitcoin ransomware payment and makes a profit

The Netherlands’ Maastricht University has managed to recoup the Bitcoin ransom it paid to ransomware scum in 2019 – and has made a tidy profit on the deal.

The University explained that in 2019 it suffered a ransomware attack that prevented staff and students from accessing research data, email, or library resources.

Faced with the prospect that ransomware scum could erase research data and disrupt students, the University reluctantly decided to cough up a €200,000 ransom and was able to resume operations.

Investigators probed the matter and in 2020 tracked down part of the payment – into crypto accounts held by a Ukrainian money launderer.

After two years working to secure the contents of those accounts, some of the crypto was retrieved.

While the sum recovered was only around a fifth of the original ransom, the surging price of Bitcoin meant the University found itself with an asset worth €500,000.

The University isn’t sure if or when it will be able to access the cryptocurrency, as legal action is under way to ensure the funds are returned to the institution.

Once they arrive, they Uni has decided the profits will be directed into a fund for students in need.

The University does not rate the likely return of some ransom as a win, as even though it may end up €300,000 ahead, that sum does not cover the full cost of damage caused by the incident.

Ransom recoveries are not unusual. US authorities recovered some of the payment made by Colonial Pipeline, for example.

Recoveries are possible because cryptocurrencies are not as anonymous as some suggest. The ransomware underground also suffers from a shocking – yes, shocking!lack of honor among thieves. And of course scarcely a day goes by without a crypto-adjacent business finding its infosec was risibly flimsy, with stolen coins the result. ®