Ride the Lightning

University of Calgary Pays $15,600 in Ransomware Attack to Retrieve its Data

June 9, 2016

The price of getting the decryption key once your data has been encrypted by ransomware appears to be rising. According to a story in the Calgary Herald, the University of Calgary paid (in U.S., dollars) about $15,600 in untraceable bitcoins to get the decryption key that would unlock its data after a ransomware attack.

The story underscores the need to have a properly engineered backup system so that no ransom need be paid – as it is, the university is out a large chunk of money and it will still take time for the data to be decrypted on more than 100 computers. And of course there is never any guarantee that all systems will be restored and all data recovered.

While I applaud the university's transparency in acknowledging the successful attack and the ransom payment, it appears that once again there was an epic fail in engineering the backup properly. There must always be a clean backup, unconnected to the network, that will provide the ability to restore data in the event that a successful attack happens while the network is backing up.

If you don't understand how your current backup is configured and whether it could withstand a ransomware attack, it's time to ask some hard questions.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson