Ransomware Hits Maastricht University, All Systems Taken Down

Maastricht University (UM) announced that almost all of its Windows systems have been encrypted by ransomware following a cyber-attack that took place on Monday, December 23.

UM is a university from the Netherlands with over 18,000 students, 4,400 employees, and 70,000 alumni, UM being placed in the top 500 universities in the world by five ranking tables in the last two years.

"Maastricht University (UM) has been hit by a serious cyber attack," the university announced on Christmas Eve, December 24.

"Almost all Windows systems have been affected and it is particularly difficult to use e-mail services. UM is currently working on a solution."

It is currently unknown if scientific data was also accessed or exfiltrated by the attackers during the attack, prior to the systems getting encrypted with the yet unnamed ransomware strain.

All systems shut down temporarily

In an update published today, UM says that all the university's systems have been taken down as a precautionary measure during investigations. 

"In order to work as safely as possible, UM has temporarily taken all of its systems offline," the update says. "Everything is aimed at giving students and employees access to the systems as soon as possible, possibly in phases."

However, seeing that the attack affected a vast majority of UM's computing systems, the amount of time needed to restore all the impacted computers is not yet possible to estimate.

"For the same reason, it is not possible to state with absolute certainty, which systems have been affected and which have not," UM adds. "This requires additional investigation."

At this time, UM's IT staff and external security specialists are working on repairing the affected systems and are also running a forensic investigation of the cyber-attack. The attack has also been reported to law enforcement as required by regulations in the Netherlands.

According to UM, the main focus right now is to make sure that the university's systems will be protected in the event of a future attack.

UM also says that employees and students can reach out to the ICT Servicedesk with questions related to the attack by sending an e-mail at info@m-u.nl using their private e-mails or by calling 043 38 85 101 today during office hours.

BleepingComputer asked Maastricht University for comment and for extra details regarding the ransomware attack but did not hear back at the time of publication.