Maastricht University (UM) announced that almost all of its Windows systems have been encrypted by ransomware following a cyber-attack that took place on Monday, December 23.

UM is a university from the Netherlands with over 18,000 students, 4,400 employees, and 70,000 alumni, UM being placed in the top 500 universities in the world by five ranking tables in the last two years.

"Maastricht University (UM) has been hit by a serious cyber attack," the university announced on Christmas Eve, December 24.

"Almost all Windows systems have been affected and it is particularly difficult to use e-mail services. UM is currently working on a solution."

It is currently unknown if scientific data was also accessed or exfiltrated by the attackers during the attack, prior to the systems getting encrypted with the yet unnamed ransomware strain.

Extra security measures have been taken to protect (scientific) data. UM is investigating if the cyber attackers have had access to this data. - UM

All systems shut down temporarily

In an update published today, UM says that all the university's systems have been taken down as a precautionary measure during investigations.

"In order to work as safely as possible, UM has temporarily taken all of its systems offline," the update says. "Everything is aimed at giving students and employees access to the systems as soon as possible, possibly in phases."

However, seeing that the attack affected a vast majority of UM's computing systems, the amount of time needed to restore all the impacted computers is not yet possible to estimate.

"For the same reason, it is not possible to state with absolute certainty, which systems have been affected and which have not," UM adds. "This requires additional investigation."

The Executive Board and the deans of the faculties deeply regret the inconvenience this is causing for both students and staff. In the days to come, they want to see in what way students and staff who are experiencing problems due to this situation can be accommodated. - UM

At this time, UM's IT staff and external security specialists are working on repairing the affected systems and are also running a forensic investigation of the cyber-attack. The attack has also been reported to law enforcement as required by regulations in the Netherlands.

According to UM, the main focus right now is to make sure that the university's systems will be protected in the event of a future attack.

UM also says that employees and students can reach out to the ICT Servicedesk with questions related to the attack by sending an e-mail at info@m-u.nl using their private e-mails or by calling 043 38 85 101 today during office hours.

BleepingComputer asked Maastricht University for comment and for extra details regarding the ransomware attack but did not hear back at the time of publication.

Update December 30, 10:07 EST: UM says in a new update that "education at UM can be resumed on January 6. Some important systems that are required for this will be available online again from 2 January."

This primarily concerns information systems for students that are used for scheduling (inspection only), study materials (Blackboard / ELEUM) and the UM Student Portal as well. Availability does involve more limited functionality. Students will also have to change all their passwords from an external location, outside the UM WiFi network.

Update January 03, 16:46 EST: While no official announcement has been made regarding this, Clop ransomware seems to have been used in the attack according to reports from inside UM.

It’s almost a week since we got Clop ransomware at the UM. It’s been pretty stressful, but also inevitable, given the massive increase in ransomware (and other forms of attacks) targetting universities. @BogdanCovrig and I mapped some of the other incidents. pic.twitter.com/77KhXYLUhd — Catalina Goanta (@CatalinaGoanta) December 29, 2019

There's also an unconfirmed rumor that UM paid the ransom to decrypt the impacted systems.