Louie Villanueva

University of Calgary pays $20,000 ransom to cyber attackers

By Scott Strasser, June 7, 2016

The University of Calgary was forced to pay a $20,000 ransom to cyber attackers who hacked U of C computer systems over the May 28–29 weekend.

The malware attack disabled access to several U of C computer services, including the AirUC-Secure Wi-Fi network and Office 365 webmail.

The university’s IT department restored all services by May 31 except for Exchange email and Skype for Business.

According to a June 7 statement from U of C vice-president finance and services Linda Dalgetty, the malware attack was a “ransomware” attack.

A ransomware attack involves a hacker locking or encrypting computers or networks until a ransom is paid. Once the ransom is paid, decryption methods are provided to victims.

“This attack is part of a disturbing global trend of highly sophisticated and malicious malware attacks against organizations including NASA, law enforcement agencies and large healthcare institutions,” Dalgetty said. 

Dalgetty said the university is now assessing and evaluating the decryption keys the hackers provided once the $20,000 ransom was paid.

“The actual process of decryption is time-consuming and must be performed with care,” Dalgetty said. “A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time.”

The malware attack resulted in the IT department creating 9,000 new Office 365 email accounts for U of C staff members over the past week.

According to a May 31 systems update from IT, the new accounts were for Cyrus and Exchange users. Those already using Office 365 were unaffected.

The accounts were created in three waves in the last week. Old data from Exchange email accounts will be migrated to the new accounts in the ensuing weeks.

According to Dalgetty, email was available to all faculty and staff by June 6 and no personal information or university data was compromised.

Dalgetty noted that decryption keys provided in ransomware attacks do not automatically restore all systems or guarantee the recovery of all data.

Calgary Police Services are now investigating the attack.

“As this is an active investigation, we are not able to provide further details on the nature of the attack, specific actions taken to address it, or how or if decryption keys will be used,” Dalgetty said.



The Gauntlet