After the hack come the questions: could this have been prevented?
MAASTRICHT. It could take weeks before all the effects of the cyberattack have been eliminated. But last Monday, education programmes started up again with hardly any problems. On Tuesday, the e-mail system was back online again and the network disks that are so important to researchers, were fully accessible. Sister universities are meanwhile taking additional measures.
Maastricht University was hit by the so-called Clop virus, ransom software that cybercriminals use to lock down computer systems and only release them after payment of a ransom. The UM also paid the hackers a ransom, as Observant found out after New Year’s Day from well-informed sources. The UM does not want to confirm or deny. But according to experts, the fact that after only two weeks a large portion of the IT systems are working again, indicates that they have indeed paid. The amount involved would be a couple of hundred thousand euro in bitcoins.
From the very beginning, the university did everything in its power to have the university reopen for education programmes on 6 January. They were successful. Furthermore, the Executive Board decided rather quickly to offer resits to all students who couldn’t properly prepare for their exams due to the cyberattack. Students who have been “demonstrably disadvantaged” in other ways may appeal to the leniency regulation that is currently being drafted.
Not everyone was able to get back to work again last Monday. A number of employees, including those from the department of Finance and the archive (ADP) were sent home because certain programmes were not available. Everyone was present again on Tuesday, but an important programme such as Corsa (an archiving system with personnel files, student files, board archives, et cetera) was still not working. The Internet is not accessible either, and printing, scanning and copying are not possible. But most of the systems that are relevant for students and/or staff, are back online, as appeared from the overview on the UM website.
Now that the first storm has blown over, questions are being asked: Could this attack have been prevented? National Co-ordinator for Counterterrorism and Security, Pieter-Jaap Aalbersberg, was critical in the radio programme Dit is de Dag last Tuesday: “Was there a backup? Were the systems there separated from each other? If that wasn’t the case, I hope that this is a wake-up call for other universities and universities of applied sciences. If you have good backups, adequately separated systems, and software updates, you won’t be vulnerable for this. Awareness needs to be increased.”
A number of sister institutes – all of which were immediately informed by the UM after the attack – are now taking extra precautions. The University of Amsterdam, for example, is improving its “backup systems” and the entire IT infrastructure is being monitored with extra care, university newspaper Folia reported. Leiden University has also tightened up the security of its systems.
In a few weeks’ time, when all systems are working again, the UM will publish an investigation report.