The University of Calgary in Canada has been forced to pay malicious hackers $20,000 (£10,810) in untraceable Bitcoin after being hit by a massive and devastating ransomware attack on 28 May, which knocked out the IT systems of the institution. The university grappled with security issues for almost a week after the cyberattack and on 7 May it announced that it had made the ransom demanded by hackers in efforts to gain back access to the system. The vice president of the university, Linda Dalgetty, said at present there is "no indication" of any personal or official university data having been leaked online.
Dalgetty said: "As part of efforts to maintain all options to address these systems issues, the university has paid a ransom totalling about $20,000 CDN that was demanded as part of this 'ransomware' attack. The university is now in the process of assessing and evaluating the decryption keys.
"The actual process of decryption is time-consuming and must be performed with care. It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data. A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time."
Justifying the decision to pay the ransom, Dalgetty said: "We did that solely so we could protect the quality and the nature of the information we generate at the university. Because we do world-class research here ... and we did not want to be in a position that we had exhausted the option to get people's potential life work back in the future if they came today and said, 'I'm encrypted, I can't get my files,'" the CBC reported.
Crediting the university's IT department with identifying and isolating the malware, Dalgetty said as of 6 June, the university's email was back up and running for students and staff. The university is cooperating with the Calgary police to further investigate the attack.
No further details about the attack, including information on the cybercriminals or the extent of the damage sustained, have been disclosed as of yet.
According to a report by security firm Flashpoint, the recent ransomware attack trends suggest that hackers are increasingly targeting healthcare networks, which generally pay up ransoms in efforts to secure sensitive data. The alarming rise in ransomware attacks throughout the past year also suggests that cybercriminals have shifted preference towards holding victims' data hostage to demand payouts, instead of simply stealing data and selling them on the dark web.
Given the complexity of ransomware strains, it takes a lot of time and effort to decrypt data once an attack has taken place. As in the case of the University of Calgary, some organisations may prefer to pay the ransom, even amid uncertainty of receiving a decryption key, in fear of losing critical and sensitive data.