The University of Calgary paid malicious hackers 20,000 Canadian dollars, or about $15,700, to recover access to its IT systems after it was hit with a ransomware attack, the school said Tuesday.
The university is now working to assess the decryption keys it received in exchange for the ransom, paid in the anonymous digital currency bitcoin.
“The actual process of decryption is time-consuming and must be performed with care,” the school said in a statement. “It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data.”
In ransomware attacks, hackers remotely lock computer files and demand ransom payments for their return. The scheme has exploded into a multimillion dollar industry in recent years yet has baffled law enforcement and lawmakers.
Federal data shows the FBI received 2,453 complaints about ransomware last year, costing victims over $24 million in hostage payments. But experts say those figures are dwarfed by all payments, which likely exceed half a billion dollars per year.
Linda Dalgetty, vice-president of finances and services at the university, told a news conference Tuesday that the decision was made to pay the ransom in order to regain access to faculty and students’ valuable research.
"We did that solely so we could protect the quality and the nature of the information we generate at the university,” Dalgetty said, according to CBC News. “We do world-class research here ... and we did not want to be in a position that we had exhausted the option to get people's potential life work back in the future if they came today and said, 'I'm encrypted, I can't get my files.’”
Ransomware attacks have drawn widespread concern on Capitol Hill, including from Sens. Ron JohnsonRonald (Ron) Harold JohnsonGOP senator: Buying Treasury bonds 'foolish' amid standoff over debt ceiling, taxes Internal poll shows Barnes with 29-point lead in Wisconsin Democratic Senate primary Wisconsin Democratic Senate candidate facing 4 felony charges MORE (R-Wis.) and Tom CarperThomas (Tom) Richard CarperThe Hill's Morning Report - Presented by AT&T - US speeds evacuations as thousands of Americans remain in Afghanistan Biden finds few Capitol Hill allies amid Afghanistan backlash Trains matter to America MORE (D-Del.), the chairman and ranking member, respectively, of the Homeland Security Committee. They have asked the Homeland Security and Justice departments for data on the attacks.
Sen. Barbara BoxerBarbara Levy BoxerFormer California senator prods Feinstein to consider retirement Trump decries 'defund the police' after Boxer attacked Former Sen. Barbara Boxer attacked in California MORE (D-Calif.) has also asked the FBI for more details on a string of ransomware attacks targeting hospitals that forced networks offline and, in some cases, led to extortion payments.
The Senate Judiciary Committee has also taken aim at the scheme, holding a hearing on the topic last month.