Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

University of Calgary Pays $20,000 to Restore Systems After Ransomware Attack

Ransomware has been long recognized as a global threat, capable of hitting enterprises and consumers, and the University of Calgary is the latest organization to have fallen victim to this type of cyber-attack.

Ransomware has been long recognized as a global threat, capable of hitting enterprises and consumers, and the University of Calgary is the latest organization to have fallen victim to this type of cyber-attack.

Today, the university announced that a ransomware attack hit its systems several days ago and that it was forced to give in and pay the demanded $20,000 CAD (around $15,000 USD) ransom to regain access to encrypted files. The university has also contacted authorities to investigate the issue, and says that its IT teams are working on addressing the issue.

Ransomware attacks have been detailed numerous times over the past several months, mainly because of an impressive increase in the number of malware families used and the broad range of targets. A dominating cyber-threat, ransomware provides cybercriminals with the prospect of fast income over small investment. Furthermore, ransomware does not require advanced technical skills to be used, mainly because some employ it as a service.

In a statement published on the university’s website, Linda Dalgetty, Vice-President, Finance and Services, said that the organization decided to pay the ransom as “part of efforts to maintain all options” to resolve the issues affecting its systems. However, she also confirms that it was a ransomware attack, which involves encrypting data on computers and computer networks.

Typically during a ransomware attack, after the data has been encrypted, the malware displays a ransom note that directs users to a payment page. Payments are usually made using crypto currencies, as they provide anonymity, and, as soon as the ransom has been paid, cybercriminals provide victims with keys that can be used to decrypt their files.

Dalgetty notes that the university is in the “process of assessing and evaluating the decryption keys,” but also warns that the “actual process of decryption is time-consuming and must be performed with care.” She explains that “these decryption keys do not automatically restore all systems or guarantee the recovery of all data. A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time.”

Although Dalgetty didn’t offer details on the malware that was used in this attack, she did reveal that the incident happened 10 days ago and that the UCalgary IT teams managed to isolate the effects of the attack and to restore some of the systems. On Monday, they restored access to email for faculty and staff, she said, adding that there is no indication that users’ personal data or other university data was released to the public during this attack.

Ransomware usually spreads via spam email campaigns and exploit kits, but there are also families that employ other techniques, such as RDP brute force attacks or removable drives. Cybercriminals were also observed using compromised RDP servers in corporate ransomware attacks, as well as via malicious versions of legitimate applications.

Related: Indiana Hospital DeKalb Health Disrupted by Ransomware Attack

Related: LeChiffre Ransomware Hits Indian Banks, Pharma Company

Written By

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.