The University of Calgary is the most recent victim of ransomware attacks, and the school paid CND$20,000 in Bitcoin to get rid of the malware. Despite paying the fee, not all systems are back online, as the provided decryption keys do not restore all systems automatically.
Trouble started brewing for the University of Calgary on May 28, and students were advised not to connect their computers or other devices to the school network. Not even 24 hours later, the school was forced to admit they had become the victim of a ransomware attack, and productivity on the network was very limited for ten days.
The University of Calgary Feels After Effects
Albeit law enforcement agencies have warned about not paying the ransomware fee, the University of Calgary had little to no other option available. The school is known for its world-class research, and the store a lot of valuable documents on the network. Telling students and researchers how their life’s work is inaccessible due to a malware infection was never an option.
Eventually, the University of Calgary ended up paying the CND$20,000 ransomware fee, yet that was not the end of their troubles. Several days into decrypting all systems, progress is being made slowly. Albeit the hackers gave up the decryption keys necessary to restore file access, this is a painstaking process.
A ransomware decryption key does not automatically restore all of the encrypted data. Moreover, there is zero guarantee all data is recovered, albeit the University of Calgary has not reported any data losses yet. For now, on-campus security experts are treating this process with the utmost care and delicacy.
Paying A Ransomware Fee Is Not The Answer
What is even more disconcerting is how it remains unclear as to which type of ransomware was used. The University of Calgary did not provide specific details so far, other than how it managed to take part of the network offline. In fact, the attack was isolated just this Monday, allowing students and faculty to access the email service once again.
Paying the fee associated with a ransomware should always be seen as a last resort. There is no guarantee the decryption keys will restore full system access or revert all data back to its original state. Moreover, the University of Calgary incident goes to show how the real problems only occur after paying the fee itself. Restoring all data and systems will take valuable time. It is unclear as to whether or not the school keeps regular backups of their network data.
Source: Threatpost
Image courtesy of Shutterstock