University of Calgary pays hackers more than $15,000 to recover from ransomware infection

The University of Calgary admitted Tuesday to paying hackers more than $15,000 in order to rebound from a ransomware infection that had crippled computer systems across the Canadian college for over a week.

Linda Dalgetty, the school’s vice president of finances and services, told reporters that more than 100 computers across campus became infected a week earlier with ransomware, an increasingly popular type of malware in which the contents of a compromised device are remotely encrypted and held ransom by hackers until a payment is made.

School officials discovered the infection on May 28, and soon learned that the ransomware had encrypted the email server used by the university for faculty and staff accounts, the Calgary Herald reported Tuesday.

Technicians worked “around the clock” in an effort to remove the ransomware from infected computers, Ms. Dalgetty said, and managed to finally restore email access on Monday this week. In the meantime, however, the school had already agreed to pay a hefty ransom comparable to the cost of a four-year tuition in order to restore critical research data.

Technicians worked “around the clock” in an effort to remove the ransomware, Ms. Dalgetty said, and email access was finally restored on Monday this week — after the school agreed to pay a hefty ransom comparable to the cost of a four-year tuition at the Canadian college.

The university ultimately coughed up the $20,000 Canadian ($15,725 U.S.) ransom “because we do world-class research here … and we did not want to be in a position that we had exhausted the option to get people’s potential life work back in the future if they came today and said, ’I’m encrypted, I can’t get my files,’” Ms. Dalgetty said, CBC reported.

The decision to pay up was made “solely so we could protect the quality and the nature of the information we generate at the university,” she added.

No evidence exists to suggest that any personal data or other university records were released to the public, and law enforcement is actively investigating the matter, Ms. Dalgetty said in a press released published on the college’s website Wednesday.

“As this is an active investigation, we are not able to provide further details on the nature of the attack, specific actions taken to address it or how or if decryption keys will be used,” she added.

A report issued earlier this month by ThreatTrack Security, a Florida-based firm, concluded that nearly one-in-three IT professionals within the U.S. are willing to pay money to recover from a ransomware infection and that organizations that have previously been infected are more likely than not to pay after subsequent cyberattacks.

“[I]f you pay a ransom, it is monetizing the activity, and therefore will increase its occurrence.” Canadian cybersecurity professional Patrick Malcolm told iNews880 radio this week. “So the more you pay, the more this type of thing is going to become a common activity.”

MedStar Health was forced to shut down computer systems at 10 hospitals and 250 outpatient facilities in the greater Washington, D.C. in March after becoming infected with ransomware, and the president of Kansas Heart Hospital said last month that it paid “a small amount” to cybercriminals to recover from a similar infection.

On Wednesday, U.S. security company KnowBe4 said it was recently contacted by a health center that paid hackers nearly $40,000 after 250 devices, including an MRI machine, became infected with ransomware, prompting the unnamed organization to shut down for five days.

“This is a global epidemic,” Ms. Dalgetty said Tuesday, according to Global News. “Cybercrime is out there and these criminals are smart, and they can exploit any organization, including organizations like NASA or major health care organizations.”