Linda Dalgetty, the school’s vice-president of finance and services, said the cyberattack that crippled multiple systems on May 28 used so-called ransomware, which locks or encrypts computers and networks until a monetary ransom is paid.
She said officials agreed to pay the ransom to ensure critical systems could be restored, but noted it will take some time for the university’s IT staff to apply the encryption keys to the infected machines.
“What happens is you pay the ransom and the bad guys physically provide the keys,” Dalgetty said Tuesday, noting more than 100 computers were affected by the virus.
“At this point, we do have some encrypted machines. We have not used any of the decryption keys.”
Dalgetty said university IT teams have been working around the clock for more than a week trying to fix the bug that affected email, Skype, wireless networks and other services. Users of university-issued computers were also advised to leave them off while under threat from the hackers.
In order to receive the keys, the school paid the equivalent of $20,000 CDN in Bitcoins, a digital currency considered largely anonymous and untraceable. As of Wednesday, the price in Canadian dollars for one Bitcoin is $739.65.
As for why the U of C admitted it paid the ransom and released the cost, Dalgetty said it’s an effort to be transparent.
“We’re a public sector organization and we pride ourselves on our openness,” she said.
Kathy Macdonald is a former Calgary police officer and now a cybersecurity specialist who speaks across North America.
She said it is no surprise that a large organization such as the U of C was targeted, as those who engage in so-called spear phishing often attack larger institutions in hopes of securing an easy payday.
“Typically, the attack comes through a phishing email targeted generally at a privileged employee that looks like it’s from somebody important,” said the 25-year veteran of Calgary’s police force.
“And once it’s in, it holds your system for ransom.”
She said hackers often do significant reconnaissance before mounting a cyberattack, noting social media, particularly LinkedIn, is a “treasure trove of information about an organization.”
As the attacks become more prevalent, large organizations such as hospitals, universities and even government agencies are being forced to pay the ransoms to free their shackled systems.
A chain of hospitals in Washington, D.C., was hit in March, while a Los Angeles medical centre shelled out $17,000 earlier this year to hackers following a ransomware attack.
Macdonald said no organization is immune to such an attack, making network security, backing up data and user education critical to staving off a future incursion.
On Monday, email was again available to all faculty and staff, though through a different platform. Officials found no indication that any personal information or university data was compromised, Dalgetty said.
Dalgetty said the process of decryption is both time-consuming and complex, and doesn’t guarantee all systems will be restored or lost data recovered.
“We definitely still have some work to do. This is a long-term process,” she said.
“I think we, like other organizations subjected to these attacks, learned that continued vigilance is important.
“We’re working through it a day at a time.”
Calgary police are now investigating the breach, and Dalgetty said no information will be provided about the nature of the attack, specific actions taken to address it or how or if the hacker-provided decryption keys will be used.