Next-Generation Technologies & Secure Development

University of Calgary Pays Ransom

Canadian School Shells Out $15,700 to Ransomware Attackers
University of Calgary Pays Ransom

Yet another organization has acknowledged it opted to pay cyberattackers after its systems were infected with ransomware, the file-encrypting malware that has become one of the most dreaded menaces across the internet.

See Also: The Gorilla Guide to Modern Data Protection

The University of Calgary paid CA$20,000 (US$15,700) and "is now in the process of assessing and evaluating the decryption keys," according to a statement from Linda Dalgetty, vice president for finance and services.

"The actual process of decryption is time-consuming and must be performed with care," Dalgetty writes. "A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time."

Ransomware Explosion

Ransomware has been around for more than a decade, but attacks have exploded in the past couple of years. Consumers appeared to be more affected at first, with ransoms in the range of a few hundred dollars, usually payable in bitcoin. But attackers are diversifing their targets and demanding more expensive ransoms from large companies and organizations.

In late April, the FBI warned of potentially "catastrophic" impacts to organizations such as schools and hospitals if a ransomware infection occurred. It advised educating users about ransomware, using security software, implementing robust access controls, patching applications and ensuring data is backed up.

But it's clear that many are still being caught off guard, stuck in the unenviable position of either taking a loss of data on the chin or the ethically ambiguous path of paying attackers to obtain the decryption keys.

In February, Hollywood Presbyterian Medical Center in Los Angeles said it paid $17,000 after determining that paying the ransom was the "the quickest and most efficient way to restore our systems and administrative functions." (See: Ransomware: Healthcare Fights Back.)

After confusion over reported comments by an FBI official last year, the agency firmly says that ransoms should not be paid. Such payment "emboldens the adversary to target other organizations for profit, and provides for a lucrative environment for other criminals to become involved," according to an FBI guide on ransomware.

Active Investigation

In Calgary, the university says it started communicating about its cyberattack in late May. It restored email for faculty and staff on June 6. But it warned that obtaining the decryption keys did not mean that all systems could be restored and data recovered.

The Calgary Police Service is working with the university. "As this is an active investigation, we are not able to provide further details on the nature of the attack, specific actions taken to address it, or how or if decryption keys will be used," Dalgetty writes.

About the Author

Jeremy Kirk

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.