Latest Ransomware Demand Successful: University of Calgary Pays $20K to Decrypt Sensitive Files

When a business is targeted for a ransomware attack, paying the ransom can often seem like the most reasonable response to getting data decrypted and begin the process of restoration.

The problem is, it isn’t always that simple. After all—cyber criminals are a criminal element, and just because they say they will follow through with their promises doesn’t mean they always will. Take the recent Kansas Heart Hospital ransomware attack, for example. In the KHH case, the attackers extorted a second ransom after receiving the first payment for their original demands; while hospital officials declined to pay the second ransom, the fact that the hackers demanded it in the first place is testament to the fact that in the world of cybercrime—and especially ransomware—the criminals definitely have the upper hand.

U of C Agrees to Pay $20,000 CDN to Ransomware Attackers

In the case of the most recent institutional attack on the University of Calgary, the university chose to pay $20,000 CDN in return for the promise of decryption keys that allegedly held the access to the ransomed files and data. As of the first week of June 14, 2016, it was not yet confirmed whether all keys were valid and if they had actually been used, but the university stated that it had restored email to faculty and staff and that its IT department was working on restoring the remaining files. It was also confirmed that at least some of the decryption keys were valid.

Ransomware Attacks Up 20% In Canada In the Last Three Months Alone

The attack on the University of Calgary is one of the country’s biggest disclosed ransomware attacks, leaving at least 100 systems affected by encryption. According to industry statistics, Canada has seen an increase in ransomware by about 20% in just the last three months.

Paying the Ransom Is Just the Beginning…

For the U of C, paying the ransom and obtaining the decryption keys was a strategic decision based on sound profit and loss analysis and disaster response. As of June 14, 2016, more than two weeks since the attack, the university had not yet restored all files.

The decryption process takes longer than most organizations expect, as it is a time-consuming process that demands the utmost care to avoid compounding the damage. It is important to note that decryption methods do not magically restore all systems or guarantee the recovery of any data—when restoring a system post-ransomware attack, an IT department must make sure that all affected systems are fully operational and free of any remaining threats. The process is not straightforward, and it takes quite a bit of time to restore files and systems to pre-attack functionality.

Cloud-Based Services Can Help With Business Continuity in the Wake of a Data Disaster

The university did confirm that faculty and staff were able to take advantage of the cloud-based Microsoft Office 365 platform, which the university had begun to migrate to before the attack took place. In addition to providing reliable connectivity and remote access, cloud-based systems are often a part of any comprehensive business continuity plan in a post-disaster environment.

If you’re looking for business continuity and data disaster response services that will allow your business to function and stay connected shortly after a disaster takes place, email migration to a cloud-based system can be a good place to start. Cloud-based services allow users to access email and other important files from remote locations that may be the only safe access points after a cyber attack has occurred.

Centerpoint IT is your local IT industry and security expert and always at the forefront of the latest IT innovation and IT security news. If you think you may have been targeted by ransomware or if you need help protecting your business information from the latest cyber security threats and attacks, reach out to us. Contact us at (404) 781-0200 or send us an email at info@centerpointit.com for more information.