Canadian University Pays a $20K Ransomware Demand

Even though data backups and hypervigilance about clicking on email links are the recommended ways to avoid ransomware woes, one Canadian university has instead ponied up $20,000 to get its files back.

The University of Calgary transferred 20,000 Canadian dollars-worth of bitcoins ($15,780; £10,840) to cyber-extortionists after being hit with the malware, which encrypted the files on more than 100 of its computers.

The decision was made to pay the ransom "because we do world-class research here … and we did not want to be in a position that we had exhausted the option to get people's potential life work back in the future if they came today and said, 'I'm encrypted, I can't get my files,'" said the university's vice president Linda Dalgetty, during a news conference. "We did that solely so we could protect the quality and the nature of the information we generate at the university."

Security researchers are almost unanimous in advocating that organizations not pay the ransom, but instead be prepared with back-up files held offsite. Not only is there no guarantee that the criminals will hold up their end of the bargain, but even if they do, the willingness to pay encourages the ransomware marketplace. Even so, a recent survey from Skyhigh Networks found that 14% of organizations would be willing to pay a ransom as high as $1 million to get scrambled files back—surely much more than a backup service would cost.

“It’s shocking that so many companies are willing to pay even a penny’s ransom, and would trust hackers not to follow through with an attack,” said Nigel Hawthorn, Skyhigh Networks’ chief European spokesperson. “The idea that some would pay more than $1 million is downright staggering. There are no guarantees at any price, and there is no way back once the payment is made.”

He added, “Examples of companies refusing to pay up, such as Meetup.com, are few and far between. As such, hackers are increasingly confident they can hold businesses over a barrel, that they can execute crippling cyberattacks and that most businesses would rather pay up than put up. There will be several high profile examples of ransomware in 2016, and countless unreported incidents on top of that.”

For its part, the university is now in the process of assessing and evaluating the decryption keys, which it said it has confirmed are legitimate.

“The actual process of decryption is time-consuming and must be performed with care. It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data,” Dalgetty said.

The University of Calgary also said that there was no indication that “any personal or other university data was released to the public,” though it’s not uncommon for ransomware perpetrators to carry out follow-on attacks like data exfiltration.

Dalgetty added that the local police force was investigating the matter.

