University of Calgary paid $20K in ransomware attack

The University of Calgary paid a demanded $20,000 after a "ransomware" cyberattack on its computer systems.

The university announced the ransom payment Tuesday, a week after the initial attack.

"As part of efforts to maintain all options to address these systems issues, the university has paid a ransom totallingabout $20,000 Cdnthat was demanded as part of this ransomwareattack," LindaDalgetty, vice-president of finances and services, said in a release.

• University of Calgary cyber attack part of increasing problem, experts say
• Ransomware: What you need to know
• Bitcoinransom demanded by hackers of Calgary wine store

"Aransomwareattack involves an unknowncyberattackerlocking or encrypting computers or computer networks until a ransom is paid, and when it is, keys, or methods of decryption, are provided," the release said.

"There is no indication that any personal or otheruniversity data was released to the public,"Dalgettysaid.

University officials don't know the source of theransomwarecyberattack, or if it was one person,a group, local or international. There had been one minor data breach at the school, but this attackwas different because it encrypted the university'semailserver.

"What we do know is that when we first identified the encryption, we did get a ransom note," saidDalgettyat a news conference on Tuesday. "So that's how we knew it wasransomware. And we also knew that it was likely someone external whohad likely planted thatransomware," she said.

The decision was made to pay the ransom"because we do world-class research here and we did not want to be in a position that we had exhausted the option to get people's potential life work back in the future if they came today and said, 'I'm encrypted, I can't get my files,'" saidDalgetty. "We did that solely so we could protect the quality and the nature of the information we generate at the university."

Decryption successful

Even though the ransom has been paid,there was no guarantee that the problem would besolved. ButDalgettysaid thatthe university has been able to confirmthe decryption keys work.

Thecyberattacktargeted only staff and facultyemails, not students. But for a time, staff and students were being warned not touse any school-issued computers and couldn't accessemail.

Theuniversity continues toworktowardgetting the files that were lockedback online.

The university credited its IT department with being able to isolate the effects of the attack and "make significant progress towards restoration of the affected portions of our systems."

Asof Monday, June 6,emailwas available for faculty and staff.

Besidesconsulting cyberexperts in the field,the university calledin theCalgary Police Service to investigate, because amalwareattack isconsidered a criminal act.

The university said that the investigation is continuing, but that no further details would be provided about the attack or actions taken to counteract it.

Ransomwareattacks are becoming an increasing problem in what the university called "a disturbing global trend of highly sophisticated and maliciousmalwareattacks against organizations including NASA, law enforcement agencies and large health-care institutions."

• Mark Zuckerberg's social media accounts hacked
• Mark Zuckerberg hack a cautionary tale about password security