University pays $20,000 to ransomware hackers

Image caption: University IT workers tried to crack the ransomware for more than a week before the payment (image source: University of Calgary)

A Canadian university has paid hackers to restore access to data they had turned into the digital equivalent of gibberish.

The University of Calgary transferred 20,000 Canadian dollars' worth of bitcoins ($15,780; £10,840) after it was unable to unwind damage caused by a type of attack known as ransomware.

The malware caused emails and other files to become encrypted.

One expert warned that the payout would encourage further blackmail attempts.

The move comes the same week Intel warned that ransomware infections were spreading at "an alarming rate".

More than 120 separate strains exist, many of which are frequently updated, making it difficult for security experts to offer a solution.

The University of Calgary told a local newspaper that more than 100 of its computers had been affected since it was attacked last month.

"The university is now in the process of assessing and evaluating the decryption keys," said the university's vice president Linda Dalgetty.

"The actual process of decryption is time-consuming and must be performed with care.

"It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data."

She added that the local police force was investigating the matter.

Exposure threats

The university follows other high-profile bodies to have met cybercriminals' demands in recent weeks.

In February, the Hollywood Presbyterian Medical Center paid $17,000 to restore access to its system.

At the end of the same month, Melrose Police Department in Massachusetts paid $450 after it fell victim to a similar attack.

"It's very tempting for organisations to pay out the ransom because that might be the only way they can get their data back, but that makes it worse for everyone else because it encourages more people to set up schemes like the one used in the Calgary case," commented Dr Steven Murdoch from University College London.

"It would be better if nobody ever paid, although that's unrealistic to expect.

"What's making matters worse is a new trend.

"The hackers are threatening to publicly publish information they found on your computers if you refuse to pay, which acts as a double incentive to comply."

The University of Calgary has said there was no indication that "any personal or other university data was released to the public".