Friday, October 30 2020

Dutch university pays $220K in Bitcoin to alleged Russian hackers


Evil Corp is thought to be behind the attack

A Dutch university resorted to paying hackers $220,000 in Bitcoin to release computer systems held for ransom since Christmas Eve, reports Reuters.

University of Maastricht vice president Nick Bos announced at a press conference on Wednesday it had bowed to the cyberattackers’ demands, as it otherwise would’ve had to rebuild its entire IT network to get back online.

“The damage of that to the work of the students, scientists, staff, as well as the continuity of the institution, can scarcely be conceived,” said university vice president Nick Bos, as quoted by Reuters.

Bos confirmed the attackers gained entry to the network after compromising an employee’s email account in November 2019 via phishing.

By December 24 last year, the hackers had encrypted the university’s computer systems, including workstations and email servers, and demanded 30 BTC for a tool to unlock them (worth $216,000 then, $294,000 today).

Cybersecurity firm Fox-IT, hired by the University of Maastricht to recover its systems, found Russian-speaking cybercriminal group TA505, also known as Evil Corp, responsible for the attack.

Dudear (aka TA505/SectorJ04/Evil Corp), used in some of the biggest malware campaigns today, is back in operations this month after a short hiatus. While we saw some changes in tactics, the revived Dudear still attempts to deploy the info-stealing Trojan GraceWire.

— Microsoft Security Intelligence (@MsftSecIntel) January 30, 2020

The US Department of Justice believes TA505 has caused over $100 million worth of losses since its inception, having hit financial institutions and retailers in several countries with its information-stealing Dridex malware.

A recent investigation found more than 1,000 potential TA505 victims across the world.

Ransomware incidents like these persist across the world. In the past two years, hackers have taken over the computer networks of governments, businesses, hospitals, and schools, often demanding millions of dollars in cryptocurrency (mostly Bitcoin) for a decryption tool.

They’re indeed so prevalent that the FBI issued a warning in October urging ransomware victims not to pay their hackers, lest they be encouraged to carry out more attacks.

As for the University of Maastricht, its computer systems are reportedly back online and now fully operational.

Published February 7, 2020 — 11:27 UTC
