University of Calgary bows down to ransomware demands

The University of Calgary has handed over $20,000 CND to cybercriminals, who had launched a ransomware attack on the institution.

It revealed that 10 days after its systems were affected, it has been unable to fully restore its systems back to normal.

This is despite efforts by its IT department to “isolate the effects of the attack”, which has allowed it to return, for example, email back to working order.

“The university is now in the process of assessing and evaluating the decryption keys,”  Linda Dalgetty, vice-president of finance and services at the University of Calgary, said in an official announcement.

“It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data.”

“The actual process of decryption is time-consuming and must be performed with care. It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data.”

As the Canadian university stated in its announcement, this particular attack is part of a wider trend in cybercriminal activity around the world, which centers on extortion.

Describing the ransomware attack as a “criminal act”, Ms. Dalgetty explained that the relevant authorities have been notified and that an active investigation into the incident is now underway.

ESET does not recommend any individual or organization pay a ransom, as there is “no way of stopping the attackers demanding more money”.

Additionally, by bowing down to their demands, victims inadvertently “create a new market for cybercriminals, which could lead to further ransomware attacks”.

Speaking to the BBC, Dr. Steven Murdoch, from University College London, echoed these sentiments, explaining that it encourages more cybercriminals to pursue similar attacks.

“It would be better if nobody ever paid, although that’s unrealistic to expect,” he continued.

“What’s making matters worse is a new trend. “The [attackers] are threatening to publicly publish information they found on your computers if you refuse to pay.”

Author , We Live Security

Follow us

Copyright © 2016 ESET, All Rights Reserved.