The university announced the ransom payment Tuesday, a week after the initial attack.
“As part of efforts to maintain all options to address these systems issues, the university has paid a ransom totalling about $20,000 Cdn that was demanded as part of this ransomware attack,” Linda Dalgetty, vice-president of finances and services, said in a release.
- University of Calgary cyber attack part of increasing problem, experts say
- Ransomware: What you need to know
- Bitcoin ransom demanded by hackers of Calgary wine store
“A ransomware attack involves an unknown cyberattacker locking or encrypting computers or computer networks until a ransom is paid, and when it is, keys, or methods of decryption, are provided,” the release said.
“There is no indication that any personal or other university data was released to the public,” Dalgetty said.
University officials don’t know the source of the ransomware cyberattack, or if it was one person, a group, local or international. There had been one minor data breach at the school, but this attack was different because it encrypted the university’s email server.
“What we do know is that when we first identified the encryption, we did get a ransom note,” said Dalgetty at a news conference on Tuesday. “So that’s how we knew it was ransomware. And we also knew that it was likely someone external who had likely planted that ransomware,” she said.
The decision was made to pay the ransom “because we do world-class research here … and we did not want to be in a position that we had exhausted the option to get people’s potential life work back in the future if they came today and said, ‘I’m encrypted, I can’t get my files,'” said Dalgetty. “We did that solely so we could protect the quality and the nature of the information we generate at the university.”
Even though the ransom has been paid, there was no guarantee that the problem would be solved. But Dalgetty said that the university has been able to confirm the decryption keys work.
The cyberattack targeted only staff and faculty emails, not students. But for a time, staff and students were being warned not to use any school-issued computers and couldn’t access email.
The university continues to work toward getting the files that were locked back online.
The university credited its IT department with being able to isolate the effects of the attack and “make significant progress towards restoration of the affected portions of our systems.”
As of Monday, June 6, email was available for faculty and staff.
Besides consulting cyber experts in the field, the university called in the Calgary Police Service to investigate, because a malware attack is considered a criminal act.
The university said that the investigation is continuing, but that no further details would be provided about the attack or actions taken to counteract it.
Ransomware attacks are becoming an increasing problem in what the university called “a disturbing global trend of highly sophisticated and malicious malware attacks against organizations including NASA, law enforcement agencies and large health-care institutions.”