Photographer:Fotograaf: Loraine Bodewes
A number of IT systems accessible again on 2 January; Questions in parliament about payment of ‘ransom’
MAASTRICHT. The consequences of the cyber-attack on Maastricht University have been solved to such a degree that education programmes can be resumed on 6 January 2020 as planned. The UM has stated this in a new update on its website. Resits that have been scheduled, will also take place in that week because a number of IT systems necessary for education and students will be back online on 2 January. This includes the UM Student Portal, Blackboard, Eleum and the system that provides access to the study timetables.
Some of the hardship has been dealt with, although there is mention of “limited functionality,” spokesman Fons Elbersen says. “But enough to keep education and exams up and running.” Students will need to change passwords from an external location, so away from the UM’s Wi-Fi network. Instructions for this will appear on the website as soon as they log in.
The Executive Board decided today to provide students who were unable to prepare properly for their exams because of the cyber-attack, with an extra resit. Exactly how and when will be made known shortly. In addition, there will also be a goodwill arrangement for students who “have been demonstrably disadvantaged” in another way, for example because they could not work on their theses or papers as sources were unavailable. The same applies here: exact rules will follow as soon as possible.
In the meantime, speculations in the media about the UM’s hack with ransomware are ongoing. For example, the question whether the UM could not have safeguarded its systems better, is still relevant. NRC reported that UM spokesman Elbersen had said that the security was ‘adequate’. Elbersen: “The only thing I said was that we always seek for an optimum between accessibility and security. We thought that we had found a good balance, but that appears not to be the case.”
Elbersen will not answer any questions about ransom payment, he says. Nor does he want to answer the more specific question whether the repairs of certain systems as reported today are purely due to the technical ingenuity of the repair team within the UM, or that indeed payment was made in exchange for the ‘key’. Experts reported in various media, including De Limburger, that repairing systems takes so long that in practice almost always the choice is made to pay the criminals, no matter how much the affected institutes abhor the idea. It was made known today that VVD members of parliament have asked the Minister of Education about the consequences of the hack and any payment by the UM.
For the time being, a growing group of staff members are busy putting matters back in order as soon as possible. In addition to technicians, they now include helpdesk staff and employees from the education bureau as well as marketing and communication. The directors have consultations on a daily basis, the Executive Board convenes regularly, also with the deans. The vice chair of the Executive Board, Nick Bos, is head of the crisis management team (CMT). Elbersen estimates that a total of fifty to sixty people is hard at work every day.
The question has also been raised here and there whether the burglary into a UM building in Randwijck at the beginning of October, when a number of hard discs were stolen from computers, is linked to the present hack. According to Elbersen, this is out of the question. “That is 99 per cent certain.”
The UM has repeatedly requested that staff and students do not work within the UM systems. “There are still people doing that,” says Elbersen, “but something like that can impede repairs. Staff from the UM and Fox-IT must be able to work without being disturbed. And it is no good to you anyway, because if you do gain access, you can’t save anything.”
Wammes Bos and Riki Janssen