The university’s regular spokesperson, Gert van Doorn, is currently on holiday in Germany. Elbersen knows the university well: he was its director of marketing and communication from 2013 to 2016.
Students and staff may wonder if Elbersen’s appointment means that UM will begin to inform them more actively about the situation. As yet, very little information has been released. There have already been some complaints about this, report news outlets like 1Limburg. “We still have to determine what information we can and can’t share,” says Elbersen. “We don’t want to exacerbate the situation. We shouldn’t play into the hands of the criminals behind this attack.”
UM has been in contact with said criminals. But how they made contact, whether they will do so again, whether they’re negotiating a ransom and, if so, how large the payment would be – none of that information is being released, says the spokesperson. “Some news outlets are reporting that we are negotiating. I never used that word.”
Information is definitively being shared internally. UM’s Executive Board met in Maastricht on 26 December and its deans and directors are receiving regular updates on the situation. One thing is clear: it will take some time for the situation to become clearer. “We’re talking about some five to six hundred IT systems, large and small, that may have been affected,” says Elbersen.
UM reported the cybercrime to the police on 26 December. The police came to UM for this, states the spokesperson. He further confirms there are no worries about the digital connection between UM and MUMC+, the academic hospital. "That wasn't affected", he says.
It is unclear whether the attack has affected any research data or data from patients and/or participants in medicine, biomedical sciences, health sciences and psychology. UM’s IT experts are being assisted by a few external specialists. It has not been released which company these specialists are connected to, or whether this company might be Fox-IT.
It is also unclear whether UM is insured against this type of crime. Elbersen: "Whether and to what extent UM is insured, is still being investigated."
Another relevant question is whether UM took steps to protect itself following the Clop ransomware attack on the University of Antwerp last October. It is now clear this was not the case, UM was unaware of this attack, although it is "connected to channels by which threats of this kind are announced", says Elbersen. Moreover, the damage done at UA was less because they made a lot of offline backups, untouchable for cyberattacks. UM, according to Elbersen makes on- and offline backups, depending on the speed with which data have to be restored. If speed is required, the backup stays online.
According to IT website Security.nl, the French government issued a formal warning about Clop ransomware in November after several French organisations – including a hospital – were hit.
The UM website says that UM students can approach the digital IT service desk if they have any questions. Few students have done so, says Elbersen. They can also call 043 38 85 101 during working hours today.