University of Calgary pays $20K ransom to cyberattackers

CALGARY—The University of Calgary says it paid a ransom of $20,000 demanded after a recent cyberattack in order to regain access to its own email system.

The school said in a news release June 7 that staff were able to isolate some of the attack and were working to ensure its computer systems are operational.

Linda Dalgetty, a university vice-president, said there’s no indication that any personal data was released to the public.

Dalgetty said while its unfortunate to pay the ransom, the university could not risk losing critical data.

“We are a research institution, we are conducting world class research daily and we don’t know what we don’t know in terms of who’s been impacted and the last thing we want to do is lose someone’s life’s work,” she said.

This type of attack involves an unknown cyber-attacker locking or encrypting computers or computer networks until a ransom is paid, and when it is, keys, or methods of decryption, are provided.

The attacks started at the end of May, locking staff, students and faculty out of their emails.

Now that a ransom has been paid, the university hopes it can regain control of its systems quickly.

The university said Calgary police were investigating.

The Canadian Cyber Incident Response Centre issued a joint alert with the U.S. Department of Homeland Security earlier this year warning about the proliferation of ransomware.

It estimates that there were more than 1,600 ransomware attacks per day in 2015 against Canadians.

“This attack is part of a disturbing global trend of highly sophisticated and malicious malware attacks against organizations including NASA, law enforcement agencies and large health-care institutions,” the university said.

“The university is working with various experts in this field … We thank students, faculty and staff for their tremendous patience and understanding as we continue to work through this very challenging issue.”