Maastricht University pulls all IT offline after ransomware attack

Maastricht University in the Netherlands has taken all its IT systems offline as it attempts to recover from a devastating ransomware attack launched two days before Christmas.

The attack impacted “almost all Windows systems” at the university, including email, and when it was first disclosed, the university was unclear how much time might be needed to recover its environment, nor what data might have been accessed.

“Extra security measures have been taken to protect (scientific) data,” it said at the time. “[We are also] investigating if the cyber attackers have had access to this data.”

In an update, the university said it is “currently working day and night on solutions for the major ransomware attack.” 

Its own IT staff “along with external specialists in this field, have been working all-out since the discovery of the attack.” 

“The current phase involves forensic investigation and repairs,” the university said.

“The primary focus is on developing solutions which ensure the university will be as protected as possible against these types of attacks in the future.”

The university’s executive board apologised to students and faculties and said it would work with both groups to accommodate their needs while systems remained offline.

“In order to work as safely as possible, [the university] has temporarily taken all of its systems offline,” it said. 

“Everything is aimed at giving students and employees access to the systems as soon as possible, possibly in phases. 

“Given the size and extent of the attack, it is not yet possible to indicate when that can be done exactly. 

“For the same reason, it is not possible to state with absolute certainty, which systems have been affected and which have not. This requires additional investigation.”

The university said it had filed a police report over the attack.