Two schools, two ransomware attack and two different outcomes.

The Allegheny Intermediate Unit school system was able to fend off a recent ransomware attack using back up files, meanwhile the University of Maastricht just disclosed it paid 30 bitcoins to regain control of its encrypted computer network.

Allegheny Intermediate Unit (AIU), a regional public education agency that is part of Pennsylvania’s public education system, reported that portions of its network recently were hit with ransomware with the attackers demanding a ransom payment to restore the files. The school system refused to pay the unnamed amount.

AIU interim director Rosanne Javorsky hired an outside security firm to lock down and restore the system using back up files.

“The AIU had backup versions of the most critical information and was able to restore access to the vast majority of the impacted files without engaging or paying the intruder. To ensure the integrity of our systems and avoid similar incidents in the future, we are reviewing our policies and procedures and continuing to enhance the security of our information systems,” she said.

AIU does not believe any information was removed from its system.

However, The University of Maastricht, was unable to recover from a December 24, 2019 attack, Tripwire reported. The university hired the security firm Fox-IT which traced the attack to the cybergang TA505 who used a phishing email most likely containing a malicious document to download the malware. The school reported that the lost data contained student and scientific work and the overall damage to the institution was very severe.

IT News reported the school considered rebuilding its system from scratch, but in the end opted to pay the 30 bitcoin ransom, or about $300,000.

TA505 is a well-known threat group that has hit a variety of targets at least one U.S. based electrical company, a U.S. state government network and one of the 25 largest banks in the world. The gang is known for spreading Dridex, TrickBot and Locky malware, and is widely considered synonymous with the alleged Russian cybercriminal outfit Evil Corp.