Calgary uni fail

Robert

Administrators at the University of Calgary, Canada, have caved in to criminals and paid a $20,000 ransom to decrypt their computer systems' files after getting hit by a malware infection.

Last month, the university fell prey to ransomware, which installed itself on machines, scrambled documents and demanded cash to recover the data. Since they obviously weren't running decent backup procedures, the administrators have agreed to pay up in Bitcoins.

"As part of efforts to maintain all options to address these systems issues, the university has paid a ransom totaling about $20,000 CDN that was demanded as part of this 'ransomware' attack," said Linda Dalgetty, VP of finance and services.

"The university is now in the process of assessing and evaluating the decryption keys. The actual process of decryption is time-consuming and must be performed with care. It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data. A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time."

Whoops.
 
Wow. I hate to see stuff like that... I really do, because it means the kiddies win...
 
If you can't back it up, scale it back until you can and if you still can't, go back to pen and paper.
 
Well, that's the UofCalgary for you - probably infested with modern Windows machines. I remember back at the UofAlberta in Edmonton when I was there in '83-84 that would never have happened. There was no way the IT department would have accepted the punch card stack that would have been required to infect the good old Amdahl.
 
Wow. I hate to see stuff like that... I really do, because it means the kiddies win...

I do hate to see it, too. But not really because the kiddies won. Getting hit with cryptolocker is practically to be expected in an organization with the size and access requirements of a university. So, yes, the kiddies won. But it never was a real war.

What I hate to see is that they don't have an adequate backup plan and disaster recovery methods in place for such a likely contingency. There really is no excuse for needing to cough up the money. It should be as easy as re-imaging the lab systems (which they should be doing with high frequency, anyhow), and recovering the office data from backup.

When my office got hit with cryptolocker, we had everything back up and running within a day. But, we would have lost a day's worth of work. An executive secretary violated several security warnings to finally download and start the encryption process, and then left for the night, leaving it running, encrypting several top-level folders before that night's backups ran. Ours turned out to be a very cheap ransom, anyhow (~200USD) so we paid it to recover that one day's worth of work we didn't catch on the nightly incrementals. But for $20,000, we would have eaten that single day of lost productivity, and not paid anything.

There really is no excuse for losing more than that.
 
I've seen two clients hit with this (had they gone with my recommendations, it would have never happened in the first place), fortunately their backup was configured to sync at 4 hour intervals and the only folder affected was the home directory of the user who launched it, a simple restore to previous version and a workstation reimage sorted it quick smart. Ultimately, I dare say my labour cost them significantly more than the ransom itself...
 
A company I worked for a few years ago were also hit with Crypto-bastard and hadn't backed anything up. Even though I worked there at the time, I had little sympathy.
 