Case Study: Maastricht University strengthens cyber crisis response with SURF

What Maastricht University learned from the ransomware attack

Maastricht University faced a major disruption when it fell victim to a ransomware attack that compromised 267 servers. The university engaged the vendor SURF, specifically its SURFcert team, for assistance in managing the crisis, alongside other external partners. The primary challenge was to regain control of its encrypted systems with minimal long-term impact on its teaching and research activities.

The solution from SURF and its partners included providing critical advice, forensic investigation, and monitoring throughout the incident. As a result, Maastricht University received a key to unlock its systems after paying a ransom, a decision made to ensure continuity. A subsequent investigation found no evidence of data exfiltration. The university was praised for its adequate response and used the experience to significantly improve its security policies, sharing the lessons learned with other institutions to help them better prepare for similar threats.

Maastricht University

Bart van den Heuvel

Chief Information Security Officer