On May 28, 2016, the University of Calgary determined it was the victim of a malicious software (ransomware) attack which crippled their IT systems. How the cyber attackers gained access to UCalgary’s systems is not yet fully known, and the effects of this attack were felt by their entire community.
SFU IT Services has been closely monitoring the situation, and we joined other universities across Canada in offering support to UCalgary’s IT teams. This notice is intended to explain what happened at UCalgary, what we’re doing to protect SFU, and how you can help.
What happened at UCalgary?
Cyber attackers discovered a weakness in UCalgary’s digital armour and exploited it to gain access to their networks. 100 computers were infected with ransomware, which resulted in UCalgary’s authentication system being taken offline, and access to services such as email, Skype, and wireless networks was blocked on May 28th. Students, faculty, and staff were also instructed not to use any university-issued computers at that time.
To compound matters, the attack was discovered on the first day of the Congress 2016 of the Humanities and Social Sciences, when the 8,000 attendees were to register for the conference.
On May 30th, use of UCalgary-issued computers was permitted, and the IT teams at UCalgary were able to recover most services and systems by June 3rd, though the widespread disruption of technical services across all networks impacted users for 10 days.
What is ransomware?
Ransomware is a malicious application that cyber attackers deploy to encrypt all files on the target computer. The cyber attackers then send the owner a message demanding ransom money in exchange for the key to decrypt their files. These criminals leverage the fear of losing important documents and being locked out of files, and there is no guarantee that once a ransom is paid a decryption key will be sent or that it will work.
UCalgary paid the $20,000 ransom the cyber criminals demanded in exchange for decryption keys. This decision was not made lightly, and it was made only after their IT teams worked around the clock to restore their systems. Now they are in the process of evaluating and assessing the decryption keys.
Although a $20,000 ransom is bad, we must emphasize that the financial impact of the ransom is relatively small compared to the massive impact of all of UCalgary’s information systems being offline for 7 full days.
The Calgary Police Service is actively investigating this attack.
How does this impact SFU?
SFU is no more or less vulnerable than any other university to a cyberattack. Over the last five years we have successfully dealt with ransomware attacks that have impacted individuals or departments. This has led to proactive measures within our Managed Desktop service, including the use of best-of-breed antivirus and ad blocker software in all of our labs.
We have never paid a ransom.
Ransomware attacks such as the one at UCalgary serve as a reminder to everyone in the University community of the importance of data and system security.
What SFU is doing to mitigate the risk of an attack
As part of the vision for One I.S., all IT staff at SFU are working together to unify our processes, data, and technologies into a seamless system. This includes working with departmental IT staff to standardize systems and technologies.
Other measures include:
- Offering our Managed Desktop Service to departments across the University. The service provides our clients with asset management and health monitoring, and with assistance technology that allows for faster response to urgent problems.
- Incorporating additional security measures for our networks as part of the Campus Network Renewal project.
What can you do?
When it comes to security, you are the first line of defense. You can help by:
- Keeping virus detection and system software up-to-date;
- Being web wise and connecting with care;
- Safeguarding your passwords; and
- Backing up your data safely.
You should also adopt the principle of least privilege by limiting access to the minimum needed. For example, you should read email, connect to web sites, and edit documents as an ordinary user, not as an administrator.