Calgary uni pays ransomware criminals $20k for its files back Administrators at the University of Calgary, Canada, have caved in to criminals and paid a $20,000 ransom to decrypt their computer systems' files after getting hit by a malware infection. Last month, the university fell prey to ransomware, which installed itself on machines, scrambled documents and demanded cash to recover …
It was the Uni administration computers that were hit. So even where documents can be recreated the uniquely time-critical nature of the material handled makes attempting this an unwarrantable risk.
Or do you want to be the one to tell the Vice Chancellor that the reservation for his Xmas party can't be recovered?
"Dalgetty said the police had been called in and were investigating the attack. Under the circumstances, she said, it would not be appropriate to comment further on the details of the infection."
I doubt the police can do much, but reporting it to them certainly offers a handy excuse for not being questioned further on negligence.
<quote>I can't believe people are still paying out these crypto-ransomware extortion deals. Get a good back/DA plan. Put it into place.</quote>
Really, I bet that they once had such a plan, only to have it gutted by manglement and the beancounters who felt the money spent on it was wasted.
"A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time"
At the risk of queuing up to kick someone when they are down.
Shouldn't IT have been putting a great deal of work into having a backup?
I mean really !
Maybe their Information Security dept could help ? (http://icis.cpsc.ucalgary.ca/)
The question I always want to ask when I hear about a ransomware hit like this is: where are the backups? Surely a professional IT department of a major institution should have multiple levels of secure backups that would thwart any ransomware attempts? And if not, why hasn't the head of department been fired yet?
The costs will be a lot higher to go through all their systems and ensure there isn't any malicious files and malware put on them. It's not uncommon for criminals to give you your network back, with some attached malware/backdoors hidden very well throughout the network. Especially on network devices and DNS, where admins don't typically keep a close eye on.
Hey, but you may have your data back and you managed to encourage and provide motivation for more criminal activities like this. I'm sure those taxpayers are happy with your decision.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
