Maastricht University Hit By Clop Ransomware, Pays $220 000 USD for Decryption
Netherlands’ Maastricht University was hit by a ransomware attack on December 23rd, 2019. The university paid the cyberattackers 30 bitcoins, worth at around $220 000 USD, in order to restore the infected computers to working conditions.
The ransomware malware strain, called “Clop ransomware”, encrypted 267 of the university’s Windows servers, including backups. The University’s full infrastructure consists of 1647 servers running either Linux or Windows, and 7307 workstations. The university reported that it has several network security measures in place including firewalls, antivirus, and spam filters, but that the ransomware was able to bypass these measures through two phishing emails on October 15th and 16th 2019.
The university stated that despite the IT department constantly receiving alerts on security threats, there is still a need for more education on avoiding phishing techniques to help alleviate the constant pressure of cyberattack. For tips on how to detect phishing emails, read our article on the topic here.
Nick Bos, VP of Maastricht university, discussed the decision to pay the ransom to the attackers. He stated that while the University does not ethically stand by the act of succumbing to ransomware extortion, it ultimately made the decision to pay the ransom due minimize the damage that the attack would have on its students’ education, staff, and researchers.
What can we learn from this attack?
- Phishing attacks are as prevalent as ever, and can lead to significant financial damage to an organization. Any organization’s firewall is only as strong as its weakest link. As shown in the Clop Ransomware attack, even a network that is protected by antivirus and spam filter software can be penetrated if a malicious link is accidentally clicked on by an employee. Therefore, employee education on common phishing methods and signs to look out for should still be a top priority for your organization’s cybersecurity strategy.
- Following the attack, Maastricht University employed Fox-IT to conduct an independent investigation on the incident. In their audit, Fox-IT discovered that the malware was able to leverage a server that was missing critical patches that fixed known vulnerabilities. Exploiting this single security hole allowed the attackers to spread the malware to 267 Windows servers. This highlights the importance of keeping your organization’s server OS up-to-date.
GIGE IT Solutions can keep your organization protected from ransomware. We manage all your servers and workstations to ensure that they are always up-to-date and protected from malware such as ransomware. Call us at +1 888 366 4443 or email us at info@gige.ca to get started.