Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

University of Calgary Pays $20,000 to Restore Systems After Ransomware Attack

Ransomware has been long recognized as a global threat, capable of hitting enterprises and consumers, and the University of Calgary is the latest organization to have fallen victim to this type of cyber-attack.

Ransomware has been long recognized as a global threat, capable of hitting enterprises and consumers, and the University of Calgary is the latest organization to have fallen victim to this type of cyber-attack.

Today, the university announced that a ransomware attack hit its systems several days ago and that it was forced to give in and pay the demanded $20,000 CAD (around $15,000 USD) ransom to regain access to encrypted files. The university has also contacted authorities to investigate the issue, and says that its IT teams are working on addressing the issue.

Ransomware attacks have been detailed numerous times over the past several months, mainly because of an impressive increase in the number of malware families used and the broad range of targets. A dominating cyber-threat, ransomware provides cybercriminals with the prospect of fast income over small investment. Furthermore, ransomware does not require advanced technical skills to be used, mainly because some employ it as a service.

In a statement published on the university’s website, Linda Dalgetty, Vice-President, Finance and Services, said that the organization decided to pay the ransom as “part of efforts to maintain all options” to resolve the issues affecting its systems. However, she also confirms that it was a ransomware attack, which involves encrypting data on computers and computer networks.

Typically during a ransomware attack, after the data has been encrypted, the malware displays a ransom note that directs users to a payment page. Payments are usually made using crypto currencies, as they provide anonymity, and, as soon as the ransom has been paid, cybercriminals provide victims with keys that can be used to decrypt their files.

Dalgetty notes that the university is in the “process of assessing and evaluating the decryption keys,” but also warns that the “actual process of decryption is time-consuming and must be performed with care.” She explains that “these decryption keys do not automatically restore all systems or guarantee the recovery of all data. A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time.”

Although Dalgetty didn’t offer details on the malware that was used in this attack, she did reveal that the incident happened 10 days ago and that the UCalgary IT teams managed to isolate the effects of the attack and to restore some of the systems. On Monday, they restored access to email for faculty and staff, she said, adding that there is no indication that users’ personal data or other university data was released to the public during this attack.

Ransomware usually spreads via spam email campaigns and exploit kits, but there are also families that employ other techniques, such as RDP brute force attacks or removable drives. Cybercriminals were also observed using compromised RDP servers in corporate ransomware attacks, as well as via malicious versions of legitimate applications.

Advertisement. Scroll to continue reading.

Related: Indiana Hospital DeKalb Health Disrupted by Ransomware Attack

Related: LeChiffre Ransomware Hits Indian Banks, Pharma Company

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Kenna Security co-founder Ed Bellis has joined Empirical Security as Chief Executive Officer.

Robert Shaker II has joined application security firm ActiveState as Chief Product and Technology Officer.

MorganFranklin Cyber has promoted Nick Stallone and Ferdinand Hamada into newly created roles.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.