A ransomware attack has cost a university in Canada more than $15,000, after the school’s network was compromised and brought to a near standstill.
The University of Calgary said it was hit by the ransomware attack about 10 days ago and many portions of the college’s network were affected. The IT department has been working on restoring the services that had been taken offline because of the attack, including the university’s email system. School officials said that in order to restore their systems, they had to pay a ransom of $20,000 Canadian to the attackers.
“The expertise of our IT department allowed the university to isolate the effects of the attack and make significant progress towards restoration of the affected portions of our systems. As of Monday, June 6, email was available for faculty and staff. There is no indication that any personal or other university data was released to the public,” Linda Dalgetty, the university’s vice president of finance and services, said in a statement.
The attack on the University of Calgary involves one of the larger ransoms known to have been paid up to this point. Most ransomware attacks have targeted consumers, but attackers have begun to turn their attention to enterprises lately. Businesses typically are better defended, but they also have many more machines available to infect. Infecting one consumer’s machine with ransomware could earn an attacker $100 or so, but an attacker who finds a way onto an enterprise network and is able to infect dozens or hundreds of machines could get a much larger payday.
In February, Hollywood Presbyterian Medical Center was hit by a ransomware attack that encrypted much of the hospital’s network. The hospital ended up paying about $17,000 in Bitcoin to decrypt the files. And researchers have discovered some variants of ransomware, such as SamSam, that are self-replicating, a feature that can lead to quick and devastating results on a corporate network.
Although the University of Calgary has paid the ransom, Dalgetty said the investigation into the attack is still going on.
“The university is now in the process of assessing and evaluating the decryption keys. The actual process of decryption is time-consuming and must be performed with care. It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data. A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time,” Dalgetty said.
“The university is working with various experts in this field, and because this was a criminal act, the Calgary Police Service has been brought in as part of the investigation. As this is an active investigation, we are not able to provide further details on the nature of the attack, specific actions taken to address it, or how or if decryption keys will be used.”