Maastricht Ransomware Case: A Year in Review in Light of 6 AMLD and OFAC
- Ransom cases and cyber-attacks have increased during the pandemic.

Cyber-attacks have always been considered a threat to many private and governmental institutions, even prior to the Covid-19 pandemic. Although ransomware cases were instrumental to many cyber-attack operations in 2019, emphasis was given to the higher-risk industries, and less to the lower-risk realms and governmental institutions.
Academia, being the epitome of the lowest end of the low-risk industry, was never fully considered a viable source of ransomware cases. This false notion of security led to an unprecedented attack in late December of 2019.

Maastricht University, one of the leading universities in the Netherlands and globally, suffered an unprecedented attack on its servers, causing immense damage to the university and to the reputation of the Dutch higher education system as a whole.
In the period prior to the Covid-19 pandemic, which for some may seem a lifetime ago, ransomware and cyberattacks had been conducted as an undercurrent. The pandemic has raised and highlighted the issue of ransomware, due to the large number of cases and the high volume of ransom demands. Yet, a year ago, an unprecedented attack on Maastricht University’s servers served as a serious wake-up call for the higher education system in the Netherlands and the EU.
The attack, which took place on December 23rd 2019, targeted the university’s servers. The servers held valuable research and information on students and employees of the university. Emails were blocked, registration for exams and courses was hindered, and files and programs of the university were blocked.
The malware used was Clop ransomware, which includes the full blocking of access to the university servers.
The university was then faced with the choice of whether to pay a ransom of 200,000 to 300,000 EUR that was demanded in Bitcoin. The good faith shown by the university in the payment was not considered worthy by the hackers, and they only released part of the information held by them. This led to an on-going investigation and management of the breach by the university and Fox-IT BV.
Although a US-issued document, the OFAC Recommendations on ransomware answer the most pivotal questions that Maastricht University had to answer, in the most clear-cut manner possible.
The initial crystallization of allowing payment of a ransom in cryptocurrencies, on any level, bypasses the EU framework and may have helped Maastricht University in their on-going handling of the attack.
OFAC has declared that assisting ransom in cryptocurrency cases is not deemed compliant with the US regulations, to the extent that companies and individuals who assist the ransomware will be considered to be aiding the attack. Be that as it may, it is possible to receive special permission from OFAC for subjecting their crypto platform to the execution of the ransom payment.
6 AMLD is the most updated piece of legislation, on a Directive level, in the EU. The notion of money laundering has been discussed to a great extent by the EU regulators, yet not sufficiently. The fact that cryptocurrencies are not harmonized on a regulatory level leads to many lacunas in the market, which in turn lead to unclear cases on how to deal with cryptocurrencies, ransomware and related topics on an EU level. It would be wise for ESMA to take the initiative and follow their American colleagues in asserting a framework on a pan-EU level. Thus, how can one expect the EU to follow their US counterparts when its own institutions do not initiate negotiations between one another?
The bizarre notion of EU agencies and institutions not corresponding with one another is not a novelty. The EBA issued a statement that cryptocurrencies should be regulated on an international level, yet the only public correspondence between the EBA and ESMA is dated to August 2019, which is completely irrelevant in a post-Covid-19 era. There is no CTF/AML task force on the EU level, and as it seems, it is unlikely to be formed prior to the end of the pandemic. This leads to the understanding that institutions in the EU are left to take care of their own cyber and AML practices and compliance, with no real guidance from the EU.
Why the attackers targeted Maastricht University, and whether it was initiated by dissatisfied former students, or other individuals, is yet to be discovered. However, academia and universities in the EU should take this unpleasant lesson, to say the least, as an example of how cyber practices should be conducted and how to prevent similar situations in the future.
Covid-19 may have increased the risk of ransom cases, but there is not a single target that is fully immune to the risk of cyber-attacks.
Miss Ella Rosenberg, an EU Regulatory and Defense Fintech Expert, and Mr Aviel Marciano, an HLS and due diligence expert, produced this article as a combined effort.