Canadian university pays $15K in ransomware attack

Canadian university pays $15K in ransomware attack
© Thinkstock

The University of Calgary paid malicious hackers 20,000 Canadian dollars, or about $15,700, to recover access to its IT systems after it was hit with a ransomware attack, the school said Tuesday.


The university is now working to assess the decryption keys it received in exchange for the ransom, paid in the anonymous digital currency bitcoin.

“The actual process of decryption is time-consuming and must be performed with care,” the school said in a statement. “It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data.”

In ransomware attacks, hackers remotely lock computer files and demand ransom payments for their return. The scheme has exploded into a multimillion dollar industry in recent years yet has baffled law enforcement and lawmakers.

Federal data shows the FBI received 2,453 complaints about ransomware last year, costing victims over $24 million in hostage payments. But experts say those figures are dwarfed by all payments, which likely exceed half a billion dollars per year.

Linda Dalgetty, vice-president of finances and services at the university, told a news conference Tuesday that the decision was made to pay the ransom in order to regain access to faculty and students’ valuable research.

"We did that solely so we could protect the quality and the nature of the information we generate at the university,” Dalgetty said, according to CBC News. “We do world-class research here ... and we did not want to be in a position that we had exhausted the option to get people's potential life work back in the future if they came today and said, 'I'm encrypted, I can't get my files.’”

Ransomware attacks have drawn widespread concern on Capitol Hill, including from Sens. Ron JohnsonRonald (Ron) Harold JohnsonCongress sends bill renewing anti-terrorism program to Trump The Hill's Morning Report — Shutdown fallout — economic distress Hillicon Valley: Republicans demand answers from mobile carriers on data practices | Top carriers to stop selling location data | DOJ probing Huawei | T-Mobile execs stayed at Trump hotel as merger awaited approval MORE (R-Wis.) and Tom CarperThomas (Tom) Richard CarperIRS shutdown plan fails to quell worries Dems blast EPA nominee at confirmation hearing Last-minute deal extends program to protect chemical plants MORE (D-Del.), the chairman and ranking member, respectively, of the Homeland Security Committee. They have asked the Homeland Security and Justice departments for data on the attacks.

Sen. Barbara BoxerBarbara Levy BoxerCalifornia AG Becerra included in Bloomberg 50 list Climate debate comes full circle Fox's Ingraham transitioning longtime radio show to podcast MORE (D-Calif.) has also asked the FBI for more details on a string of ransomware attacks targeting hospitals that forced networks offline and, in some cases, led to extortion payments.

The Senate Judiciary Committee has also taken aim at the scheme, holding a hearing on the topic last month.