University of Calgary pays $15,000 to criminal ransomware attackers

 

What happens if you pay give in to criminal demands? Simple – the criminals keep committing crimes.

But what happens if you get struck by a ransomware attack, and don’t have proper backups to restore your precious data? Potentially you’re stuck in a quandary.

No-one likes to send a message to malicious hackers that crime pays, but that sadly is what the University of Calgary appears to have done.

Yesterday, in a press release, Vice President Linda Dalgetty revealed that approximately $20,000 CDN (US $15,600) had been paid to extortionists who had hit the Canadian university’s systems with a vicious ransomware attack.

Problems started for the University of Calgary a week-and-a-half ago, when a malware attack disrupted the campus’s email, Skype, wireless networks and Active Directory systems.

As the local media reported at the time, classes continued as normal but staff were warned not to use any university-issued computers and to stay off University of Calgary networks.

Clearly, despite their best efforts in the wake of the attack, the university’s IT team was unable to achieve a proper recovery. And so, the university paid the ransomware attackers’ Bitcoin ransom:

“As part of efforts to maintain all options to address these systems issues, the university has paid a ransom totalling about $20,000 CDN that was demanded as part of this “ransomware” attack. A ransomware attack involves an unknown cyberattacker locking or encrypting computers or computer networks until a ransom is paid, and when it is, keys, or methods of decryption, are provided. Ransomware attacks and the payment of ransoms are becoming increasingly common around the world.”

And the university is right. A lot of people are choosing to pay extortionists after their computer systems are compromised, and their data locked up with uncrackable encryption algorithms.

The rise of ransomware has been one of the biggest computer stories of the last couple of years, and has proven an effective way for online criminals to make a vast amount of money.

And much as it leaves an unpleasant taste in the mouth to give in to cybercriminals, I am sympathetic with businesses who find themselves having to make the pragmatic decision to pay up in order to stay in business.

Of course, that’s not the complete end to the story.

As Dalgetty describes, even with the decryption keys handed over by the cybercriminals, full recovery of encrypted data might take some time:

“A ransomware attack involves an unknown cyberattacker locking or encrypting computers or computer networks until a ransom is paid, and when it is, keys, or methods of decryption, are provided. Ransomware attacks and the payment of ransoms are becoming increasingly common around the world. The university is now in the process of assessing and evaluating the decryption keys. The actual process of decryption is time-consuming and must be performed with care. It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data. A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time.”

As I’ve said many times before – it’s always better to be in a position of preventing a security incident rather than mopping up afterwards. With ransomware that is particularly important, as often the only way to recover your data (if precautions such as secured backups have not been made in advance) is to take the unpleasant step of paying the very people who are attacking you.

You don’t want to find yourself in the same position as the University of Calgary. Be sure to check out my tips on how to prevent your business suffering a ransomware attack before it happens to you.