The university’s email and files were all encrypted by the attackers last month. The administration made the call to pay the ransomware demand of $20,000 in bitcoin in order to retrieve the data. The university does not believe that any personal data on employees or students was leaked, but added that it is working with the local police force to investigate the issue.
“The university is now in the process of assessing and evaluating the decryption keys. The actual process of decryption is time-consuming and must be performed with care,” said Linda Dalgetty, vice president of finances and services at the university, following the ransom payment. “It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data. A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time.”
Security firms are divided on whether or not victims of ransomware should ever pay the bitcoin demands. Ransomware that targets individuals is usually a couple of hundred dollars, but companies and enterprises can be much higher, as was seen in this case.
We have seen cases where ransomware has targeted hospitals, police stations, and churches. Most notoriously, a hospital in Los Angeles paid $17,000 in February to get its systems up and running again.
There has been a swell in ransomware cases as evidenced by the sheer number of new strains that keep popping up. Bart Parys, a security researcher, maintains a log of every known strain of the malicious software, with more than 120 versions out there.
Paying may seem like an option, but some security pros believe paying the demands only encourages more would-be cybercrooks to get involved if there appears to be a potentially high return on investment. It is also never guaranteed that the culprit will provide the decryption keys after payment is sent.
