The University of Calgary said it paid a $20,000 ransom demanded by anonymous cyber attackers who knocked out about 9,000 email accounts for faculty and staff and impacted communication with students for days.
“A ransomware attack involves an unknown cyber-attacker locking or encrypting computers or computer networks until a ransom is paid, and when it is, keys, or methods of decryption, are provided,” finance and services vice president Linda Dalgetty said Tuesday.
Dalgetty said after the university sent the ransom, they received encryption keys—but were able to fix many of the IT systems without using what they paid for.
“We have world-class researchers here and in a lot of cases, we don’t know what we don’t know in terms of who was impacted,” she said. “So it was really to look at all the options and make sure that if somebody came down the road and said, ‘I’ve been away, my computer’s encrypted, my life’s work is gone,’ that we weren’t saying, ‘sorry we can’t help you.’
“We’ve been able to restore a lot of our systems without the encryption keys, but we want to have that possibility if we need them, that they’re in our possession and we can use them where appropriate.”
Network issues started Saturday May 28, prompting officials to warn students and staff against using any University of Calgary-issued computers for any purpose.
READ MORE: University of Calgary recovers from Malware attack
As of Monday June 6, email was available for faculty and staff, Dalgetty said. She added there was no indication any personal or other university data was released to the public.
READ MORE: Ransomware on the rise in Canada – How to protect your data
“You’re kind of between a rock and a hard place — there is the option of not paying any ransom ever, on principle; or you pay the ransom and possibly get the appropriate means to decrypt your data,” said John Aycock, a security expert in the university’s computer sciences department. “Of course you’re dealing with criminals, so there is no 100 per cent guarantee.”
Dalgetty said the university is currently in the process of evaluating the decryption keys—which she noted do not automatically restore all systems or guarantee data recovery.
“This is very complicated and complex software that’s been planted,” she said. “So while we can restore from copies of backup, we cannot get necessarily everything back and we just did not want to have that risk that something went missing that was not recoverable.”
The Calgary Police Service, along with technical experts, are part of the investigation.
“As this is an active investigation, we are not able to provide further details on the nature of the attack, specific actions taken to address it, or how or if decryption keys will be used,” said the university statement.
“This is a global epidemic,” Dalgetty said. “Cyber crime is out there and these criminals are smart, and they can exploit any organization, including organizations like NASA or major health care organizations.”
The university previously said the attack didn’t impact classes. Dalgetty said there may have been a couple of days of data loss, but senders should have been notified of any undeliverable emails.
The University of Calgary is providing updates on the situation through the UC Emergency App.
Watch below: The University of Calgary is blaming malware for causing systems issues that impacted everything from email and Skype for Business to its secure wireless and active directory. Gary Bobrovitz reports.
With files from Global’s Mia Sosiak