The University of Calgary paid $20,000 Canadian dollars to restore access to its computer network after a ransomware attack paralyzed the campus May 28.
University officials paid the hacker June 7 and received a decryption key that is being used to restore faculty access to previously blocked online databases, including email servers.
Vice President of Finances and Services Linda Dalgetty says the university paid the hacker “because we do world-class research here and we did not want to be in a position that we had exhausted the option to get people’s potential life work back in the future if they came today and said ‘I’m encrypted, I can’t get my files.’ We did that solely so we could protect the quality and the nature of the information we generate at the university.”
RELATED: Here’s How 7 Institutions Dealt with Recent Ransomware Attacks
When university officials realized some network access was restricted, the IT department attempted to isolate the effects of the attack. CBC.ca reports that the decryption included a note confirming it was a ransomware attack.
The university also worked with Calgary Police Services, which continues investigating the attack, and consulted with various cybersecurity experts.
Although the full extent of the cyberattack has not been revealed, the university confirmed that email servers were affected. The attack made faculty and staff emails inaccessible, although university officials do not believe student emails were ever compromised.
Still, administrators initially advised students not to connect their computers to the school network.
PODCAST: A Ransomware Conversation with a Cybersecurity Expert
After paying the hackers in bitcoin, administrators received a decryption key. The university confirmed that the decryption key works, but it has taken several days to decrypt all of their files.
Ransomware decryption keys can differ depending on what the hacker’s intentions are and the type of malware used in the attack. Some decryption keys will fully restore access to a computer network automatically, but that doesn’t appear to be the case at the University of Calgary.
Campus Safety magazine has reported on institutions paying a ransom only for the hackers to demand a second ransom. Other institutions have effectively responded to ransomware attacks and regained access to their network without paying a fee. Campus Safety has also looked at how seven different institutions handled ransomware attacks with varying levels of success.
Although there’s significant uncertainty about the best way to respond to a ransomware attack (paying ransoms should be considered a last resort), cybersecurity experts seem to be in agreement that it’s a growing threat that institutions need to prepare themselves for.