CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?



University of Calgary Pays $20,000 to Restore Systems After Ransomware Attack

Ransomware has been long recognized as a global threat, capable of hitting enterprises and consumers, and the University of Calgary is the latest organization to have fallen victim to this type of cyber-attack.

Ransomware has been long recognized as a global threat, capable of hitting enterprises and consumers, and the University of Calgary is the latest organization to have fallen victim to this type of cyber-attack.

Today, the university announced that a ransomware attack hit its systems several days ago and that it was forced to give in and pay the demanded $20,000 CAD (around $15,000 USD) ransom to regain access to encrypted files. The university has also contacted authorities to investigate the issue, and says that its IT teams are working on addressing the issue.

Ransomware attacks have been detailed numerous times over the past several months, mainly because of an impressive increase in the number of malware families used and the broad range of targets. A dominating cyber-threat, ransomware provides cybercriminals with the prospect of fast income over small investment. Furthermore, ransomware does not require advanced technical skills to be used, mainly because some employ it as a service.

In a statement published on the university’s website, Linda Dalgetty, Vice-President, Finance and Services, said that the organization decided to pay the ransom as “part of efforts to maintain all options” to resolve the issues affecting its systems. However, she also confirms that it was a ransomware attack, which involves encrypting data on computers and computer networks.

Typically during a ransomware attack, after the data has been encrypted, the malware displays a ransom note that directs users to a payment page. Payments are usually made using crypto currencies, as they provide anonymity, and, as soon as the ransom has been paid, cybercriminals provide victims with keys that can be used to decrypt their files.

Dalgetty notes that the university is in the “process of assessing and evaluating the decryption keys,” but also warns that the “actual process of decryption is time-consuming and must be performed with care.” She explains that “these decryption keys do not automatically restore all systems or guarantee the recovery of all data. A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time.”

Although Dalgetty didn’t offer details on the malware that was used in this attack, she did reveal that the incident happened 10 days ago and that the UCalgary IT teams managed to isolate the effects of the attack and to restore some of the systems. On Monday, they restored access to email for faculty and staff, she said, adding that there is no indication that users’ personal data or other university data was released to the public during this attack.

Ransomware usually spreads via spam email campaigns and exploit kits, but there are also families that employ other techniques, such as RDP brute force attacks or removable drives. Cybercriminals were also observed using compromised RDP servers in corporate ransomware attacks, as well as via malicious versions of legitimate applications.

Advertisement. Scroll to continue reading.

Related: Indiana Hospital DeKalb Health Disrupted by Ransomware Attack

Related: LeChiffre Ransomware Hits Indian Banks, Pharma Company

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...