Yet another organization has acknowledged it opted to pay cyberattackers after its systems were infected with ransomware, the file-encrypting malware that has become one of the most dreaded menaces across the internet.
See Also: Unlocking Software Innovation with Secure Data as a Service
The University of Calgary paid CA$20,000 (US$15,700) and "is now in the process of assessing and evaluating the decryption keys," according to a statement from Linda Dalgetty, vice president for finance and services.
"The actual process of decryption is time-consuming and must be performed with care," Dalgetty writes. "A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time."
Ransomware Explosion
Ransomware has been around for more than a decade, but attacks have exploded in the past couple of years. Consumers appeared to be more affected at first, with ransoms in the range of a few hundred dollars, usually payable in bitcoin. But attackers are diversifing their targets and demanding more expensive ransoms from large companies and organizations.
In late April, the FBI warned of potentially "catastrophic" impacts to organizations such as schools and hospitals if a ransomware infection occurred. It advised educating users about ransomware, using security software, implementing robust access controls, patching applications and ensuring data is backed up.
But it's clear that many are still being caught off guard, stuck in the unenviable position of either taking a loss of data on the chin or the ethically ambiguous path of paying attackers to obtain the decryption keys.
In February, Hollywood Presbyterian Medical Center in Los Angeles said it paid $17,000 after determining that paying the ransom was the "the quickest and most efficient way to restore our systems and administrative functions." (See: Ransomware: Healthcare Fights Back.)
After confusion over reported comments by an FBI official last year, the agency firmly says that ransoms should not be paid. Such payment "emboldens the adversary to target other organizations for profit, and provides for a lucrative environment for other criminals to become involved," according to an FBI guide on ransomware.
Active Investigation
In Calgary, the university says it started communicating about its cyberattack in late May. It restored email for faculty and staff on June 6. But it warned that obtaining the decryption keys did not mean that all systems could be restored and data recovered.
The Calgary Police Service is working with the university. "As this is an active investigation, we are not able to provide further details on the nature of the attack, specific actions taken to address it, or how or if decryption keys will be used," Dalgetty writes.