A Dutch university recovered Bitcoin it paid in a ransomware attack—and now it’s worth $510,000, twice its value at the time
A Dutch university has managed to successfully recover a ransom paid to hackers in 2019 and plans to use recouped funds to help students in need.
The ransomware attack at the University of Maastricht occurred on December 23, 2019, and it prevented students and staff from gaining access to email, research and data platforms.
The university ended up paying 30 Bitcoins in ransom, which at the time was worth about 197,000 euros ($218,000), according to a spokesperson from the university. The payment was made after “extremely difficult deliberations” in which university officials weighed police advice and the moral objection against paying ransom against the interests of students and staff who could no longer access their data.
In April this year, however, the Dutch public prosecution service was able to trace and seize some of the ransom: cryptocurrencies had increased in value to approximately 500,000 euros ($510,000), according to a statement from the university on Saturday.
An important factor in the investigation was investigators ability to trace the cryptocurrency, as Dutch police saw the Bitcoins being funneled into different wallets.
Police froze a crypto wallet in early 2020 which contained part of the paid ransom, according to the university. The value of the cryptocurrencies at that time was 40,000 euros.
Meanwhile, an information request submitted to the broker hosting a wallet that received 4.5 Bitcoins led to the authorities tracking down its owner — a Ukrainian individual who police didn’t identify. Dutch police traveled to Ukraine in 2021 and worked closely with local law enforcement there to complete the seizure.
The assets were then transferred to the government and were directly converted into regular fiat. Police declined to say who was behind the attack.
“You can compare it to a home burglary,” said Metten Bergmeijer, team leader from the cybercrime team of the Limburg police. “As the police, we do not repair the door that the burglars destroyed, but we are interested in the fingerprints or other traces left on that door in our investigation.”
Despite the jump in value, the recovered sum does not exceed the costs incurred by the university, a spokesperson told Bloomberg. When the advisory fees of rebuilding the university’s cybersecurity architecture are taken into account, the total damage exceeds the amount recovered.
The university is planning to use the retrieved funds for students in need, whether to compensate those hardest-hit by the pandemic, or other vulnerable students.
Sign up for the Fortune Features email list so you don’t miss our biggest features, exclusive interviews, and investigations.