Staff working “day and night” to recover after the attack

Dec 28, 2019 22:43 GMT  ·  By

Maastricht University is the latest victim of ransomware, as hackers managed to compromise its Windows systems on December 23.

The Dutch university announced on December 24 that email services were particularly affected after “almost all Windows systems” were compromised by the ransomware infection.

The staff was working day and night to recover after the attack, the university said in a December 27 update, explaining that it makes big efforts to minimize the impact on education and research employees and students.

No details have been provided on the type of ransomware deployed on the devices or the hacker group that launched the attack. The university could not confirm if the malicious actors obtained access to data and any information was extracted before the systems were locked by the ransomware infection.

“UM is currently working on a solution. Extra security measures have been taken to protect (scientific) data. UM is investigating if the cyber attackers have had access to this data. It is unclear how much time UM needs to find a solution, but it will definitely take a while for the systems to be fully operational again,” the university said in its original announcement.

Recovery under way

Maastricht University explains that it has already filed a report with law enforcement and is now working with experts for further investigation and on recovering after the attack.

“IT staff at UM, along with external specialists in this field, have been working all-out since the discovery of the attack. The current phase involves forensic investigation and repairs. The primary focus is on developing solutions which ensure the university will be as protected as possible against these types of attacks in the future,” it said.

All systems have been taken offline, and the university expects to bring them back online in stages.

“In order to work as safely as possible, UM has temporarily taken all of its systems offline. Everything is aimed at giving students and employees access to the systems as soon as possible, possibly in phases. Given the size and extent of the attack, it is not yet possible to indicate when that can be done exactly. For the same reason, it is not possible to state with absolute certainty, which systems have been affected and which have not. This requires additional investigation,” MU explained.

The university says temporary helplines for students and staff will go live soon. All buildings will be open from January 2.