University of Calgary Pays Hackers $20,000 After Ransomware Attack

The University of Calgary paid a $20,000 ransom in untraceable Bitcoins to shadowy hackers after a devastating malware attack.

Linda Dalgetty, the school’s vice-president of finance and services, said the cyberattack that crippled multiple systems on May 28 used so-called ransomware, which locks or encrypts computers and networks until a monetary ransom is paid.

She said officials agreed to pay the ransom to ensure critical systems could be restored, but noted it will take some time for the university’s IT staff to apply the encryption keys to the infected machines.

“What happens is you pay the ransom and the bad guys physically provide the keys,” Dalgetty said Tuesday, noting more than 100 computers were affected by the virus.

“At this point, we do have some encrypted machines. We have not used any of the decryption keys.”

Dalgetty said university IT teams have been working around the clock for more than a week trying to fix the bug that affected email, Skype, wireless networks and other services. Users of university-issued computers were also advised to leave them off while under threat from the hackers.

In order to receive the keys, the school paid the equivalent of $20,000 CDN in Bitcoins, a digital currency considered largely anonymous and untraceable. As of Wednesday, the price in Canadian dollars for one Bitcoin is $739.65.

As for why the U of C admitted it paid the ransom, as well as releasing the cost, Dalgetty said it’s an effort to be transparent.

“We’re a public sector organization and we pride ourselves on our openness,” she said.

Kathy Macdonald is a former Calgary police officer and now a cybersecurity specialist who speaks across North America.

She said that a large organization such as the U of C was targeted is no surprise, as those who engage in so-called spear phishing often attack larger institutions in hopes of securing an easy payday.

“Typically, the attack comes through a phishing email targeted generally at a privileged employee that looks like it’s from somebody important,” said the 25-year veteran of Calgary’s police force.

“And once it’s in, it holds your system for ransom.”

She said hackers often do significant reconnaissance before mounting a cyber attack, noting social media, particularly LinkedIn, is a “treasure trove of information about an organization.”

As the attacks become more prevalent, large organizations such as hospitals, universities and even government agencies are being forced to pay the ransoms to free their shackled systems.....

culled -calgaryherald.com