Skip to main content

The Globe and Mail

How to guard against ransomware attacks like the one at U Calgary

Kienestology Atrium on campus at the University of Calgary on Thursday, March 02, 2006.

Chris Bolin/The Globe and Mail

The University of Calgary – which says it paid a ransom of $20,000 to cyber-attackers to regain access to its e-mail system – is the latest institution to be targeted in the rapidly rising and increasingly sophisticated industry known as ransomware.

Staff at the university successfully isolated some of the attack and were working to get computer systems fully operational, the institution said in a news release Tuesday.

Calgary police are investigating.

Story continues below advertisement

Linda Dalgetty, a University of Calgary vice-president, said while it is unfortunate to have to pay a ransom, the university could not risk losing critical data. "We are a research institution; we are conducting world class research daily and we don't know what we don't know in terms of who's been impacted and the last thing we want to do is lose someone's work," she said.

What is ransomware?

Ransomware is malware that encrypts files on the target's device or system, allowing the attacker to demand a ransom in order to get the encryption key to unlock the data.

How prevalent is it?

Companies, institutions such as hospitals and universities, and even law firms are increasingly being targeted in ransomware attacks.

Among recent victims are Kansas Heart Hospital in Wichita, Hollywood Presbyterian Medical Center in Los Angeles, and MedStar Health in Washington, D.C.

Network services provider Infoblox says there was a 35-fold increase in observations of ransomware-related domains in the first quarter of 2016.

Story continues below advertisement

The FBI recently disclosed that ransomware victims in the U.S. reported costs of $209-million (U.S.) in the first quarter of 2016, up dramatically from $24-million for all of 2015, according to Infoblox.

What should an institution do in the event of an attack?

Institutions often find they have no choice but to pay the ransom to get their data back.

Some companies have even been stocking up on bitcoins in the event they are targeted and need to pay up.

But some cyber-security experts say paying the ransom only encourages attackers.

Hollywood Presbyterian tried to thwart its attackers by switching to paper medical records and forms but ended up paying about $17,000 in bitcoins to get its systems back up.

Story continues below advertisement

In some cases, a one-time payment isn't enough. "Unfortunately, even when organizations have paid up, attackers have been known to ask for more money," said Chris Mayers, chief security architect at Citrix Systems Inc. in London.

How do you guard against attack?

"Tight security measures, up-to-date software, user best practices and clean, protected backup data" are needed, says Infoblox.

Updating staff on preventive measures is also critical, experts say.

"Anti-virus technologies are being improved," said Mr. Mayers.

So-called cyber-insurance to help cover losses related to ransom and cleanup is also available.

With files from The Canadian Press

Report an error Licensing Options
About the Author
Quebec Business Correspondent

Bertrand has been covering Quebec business and finance since 2000. Before joining The Globe and Mail in 2000, he was the Toronto-based national business correspondent for Southam News. He has a B.A. from McGill University and a Bachelor of Applied Arts from Ryerson. More

Comments

The Globe invites you to share your views. Please stay on topic and be respectful to everyone. For more information on our commenting policies and how our community-based moderation works, please read our Community Guidelines and our Terms and Conditions.

We’ve made some technical updates to our commenting software. If you are experiencing any issues posting comments, simply log out and log back in.

Discussion loading… ✨

Combined Shape Created with Sketch.

Combined Shape Created with Sketch.

Thank you!

You are now subscribed to the newsletter at

You can unsubscribe from this newsletter or Globe promotions at any time by clicking the link at the bottom of the newsletter, or by emailing us at privacy@globeandmail.com.