Skip to main content

Kienestology Atrium on campus at the University of Calgary on Thursday, March 02, 2006.Chris Bolin/The Globe and Mail

The University of Calgary – which says it paid a ransom of $20,000 to cyber-attackers to regain access to its e-mail system – is the latest institution to be targeted in the rapidly rising and increasingly sophisticated industry known as ransomware.

Staff at the university successfully isolated some of the attack and were working to get computer systems fully operational, the institution said in a news release Tuesday.

Calgary police are investigating.

Linda Dalgetty, a University of Calgary vice-president, said while it is unfortunate to have to pay a ransom, the university could not risk losing critical data. "We are a research institution; we are conducting world class research daily and we don't know what we don't know in terms of who's been impacted and the last thing we want to do is lose someone's work," she said.

What is ransomware?

Ransomware is malware that encrypts files on the target's device or system, allowing the attacker to demand a ransom in order to get the encryption key to unlock the data.

How prevalent is it?

Companies, institutions such as hospitals and universities, and even law firms are increasingly being targeted in ransomware attacks.

Among recent victims are Kansas Heart Hospital in Wichita, Hollywood Presbyterian Medical Center in Los Angeles, and MedStar Health in Washington, D.C.

Network services provider Infoblox says there was a 35-fold increase in observations of ransomware-related domains in the first quarter of 2016.

The FBI recently disclosed that ransomware victims in the U.S. reported costs of $209-million (U.S.) in the first quarter of 2016, up dramatically from $24-million for all of 2015, according to Infoblox.

What should an institution do in the event of an attack?

Institutions often find they have no choice but to pay the ransom to get their data back.

Some companies have even been stocking up on bitcoins in the event they are targeted and need to pay up.

But some cyber-security experts say paying the ransom only encourages attackers.

Hollywood Presbyterian tried to thwart its attackers by switching to paper medical records and forms but ended up paying about $17,000 in bitcoins to get its systems back up.

In some cases, a one-time payment isn't enough. "Unfortunately, even when organizations have paid up, attackers have been known to ask for more money," said Chris Mayers, chief security architect at Citrix Systems Inc. in London.

How do you guard against attack?

"Tight security measures, up-to-date software, user best practices and clean, protected backup data" are needed, says Infoblox.

Updating staff on preventive measures is also critical, experts say.

"Anti-virus technologies are being improved," said Mr. Mayers.

So-called cyber-insurance to help cover losses related to ransom and cleanup is also available.

With files from The Canadian Press

Follow related authors and topics

Authors and topics you follow will be added to your personal news feed in Following.

Interact with The Globe