Universities Become New Target for Ransomware Attacks

This week the University of Calgary in Canada admitted paying C$20,000 (€13,900) to a hacker to regain access to files stored in 600 computers, after it suffered a ransomware attack compromising over 9,000 email accounts. In order to receive the keys, the school paid the equivalent of C$20,000 in Bitcoins.

The attack on May 28 targeted computers used by staff and faculty members, crippling multiple systems and encrypting data files and email accounts. Once the data has been encrypted, using several rewrites and sophisticated algorithms, it is impossible to access it without the hacker’s encryption keys.

“As part of efforts to maintain all options to address these systems issues, the university has paid a ransom totaling about $20,000 Cdn that was demanded as part of this ransomware attack,” Linda Dalgetty, vice-president of finances and services, said in a release.

The fact that higher education institutions are now being targeted by ransomware is raising serious questions about their ability to protect their data and critical information systems.

Student email accounts were not compromised since the University of Calgary, like many other large colleges and universities, uses an external cloud-based email system. But the university still keeps most of the staff and faculty email systems in-house, making it an easy target for attackers.

Large academic institutions, especially the ones involved in important research, are becoming a juicy target for ransomware for several reasons:

  • They have the ability to pay. Most of those institutions manage their own budgets with little oversight, and they have more flexibility than government agencies to pay outsiders.
  • They have, or had, a false sense of security, since most of the previous attacks targeted large corporations with huge databases of customer data.
  • Their IT systems’ security has not been upgraded at the same pace as that of other organizations, and their servers and networks are not equipped with the latest standards in encryption and authentication.
  • Since their data centers are constrained by storage limitations, there is little room for timely backups as the amount of data being created increases.
  • Physical access to staff and faculty computers is relatively easy for students and outsiders. A hacker delivering the malware program on a thumb drive could easily get access to a connected computer without raising suspicion.

The latter is the most likely scenario for the Calgary attack. The hackers probably gained access to one of the staff computers and installed a self-replicating ransomware virus such as Zcrypt. Once in the system, the virus hides in the machine and starts attaching itself to emails and infecting other computers in the network. When the time set by the hacker arrives, it starts encrypting all the files on the infected machines simultaneously, rendering all those systems unusable.

While most large businesses are taking security much more seriously, investing in specialized hardware and software to prevent attacks, universities and colleges are different animals. They value trust, collaboration and free sharing of information more. Those values are very important to create an environment of creativity and innovation, but they should not be a barrier to increasing IT security.

William Largent, security researcher with Cisco Talos, writes: “The problem we face is that every single business that pays to recover their files, is directly funding the development of the next generation of ransomware. As a result of this, we’re seeing ransomware evolve at an alarming rate.”

Linda Dalgetty, the vice-president of finances and services, confirmed that the university had received decryption keys and that IT was working to restore the compromised data. She added that the ransom was paid to “protect the quality and nature of the information we generate at the university.”
