Slashdot Mirror


Ransomware Thieves Cost Canada University C$20,000 In Bitcoin (itworldcanada.com)

dkatana writes: The University of Calgary paid C$20,000 ransom this week after an attack on May 28 targeted computers used by staff and faculty members, crippling multiple systems and encrypting data files and email accounts. After determining that they were unable to recover the data the ransom was paid to "protect the quality and nature of the information we generate at the university," said an official in a press release.

The fact that higher education institutions are now being targeted by ransomware is raising serious questions about their ability to protect their data and critical information systems.

IT World Canada has more details, noting that the university has reported the incident to the police, and that Trend Micro "has seen a 20% uptick in malicious requests to command and control infrastructure from infected machines over the last three months" -- several thousand requests a day.

87 comments

  1. budget shortcomings by Anonymous Coward · · Score: 0

    I worked for the IT help desk while I was studying at university, and they had an incredibly limited budget. IT there, like everywhere else, is considered an expense, and is ignored as best as possible. I just hope for their sake, they had requests for backup software and offsite storage extremely well documented, to cover their ass.

    1. Re:budget shortcomings by mlts · · Score: 1

      It isn't just backup software. It is implementation, and the 3-2-1 system, with inherent resistance to malware. Even if one doesn't use tape or cloud, devices like Isilons offer functionality like SmartLock which gives WORM functionality to a directory to ensure that snapshots remain around for a period of time, even if mayhem ensues everywhere else but a physical console.

      With cloud backups, S3 isn't cheap, but it is decent for offsite storage, especially with so many client side encryption APIs available. Even Glacier can be useful for archived data, where it can be encrypted, shoved over, and forgotten about. Yes, it will be expensive to retrieve, but at least it is offsite.

      The problem is that security and backups have no visible ROI in the eyes of most managers, so it always gets the hind teat. Until something breaks, that is.

  2. Backup by zm · · Score: 1

    How much would an automated (offsite) backup cost them?

    --
    Sig ?
    1. Re:Backup by Firethorn · · Score: 3, Informative

      First, you have to be careful to keep enough backups to avoid the backups getting encrypted and still have an unencrypted copy close enough to the event.

      Second, I support not paying for the same reason I don't want to pay kidnappers - it just encourages them to keep doing it.

      Third, I hope they make it a student project to track down those that received the ransom.

      Getting back on topic. It's very cheap today on a per gigabyte basis. However, most universities will have so much that the raw bill ends up pretty expensive.

      --
      I don't read AC A human right
    2. Re:Backup by epine · · Score: 2

      C$20,000 invested before the fact would have procured a fairly substantial ZFS storage pool.

      Snapshots don't cost much in marginal storage unless the dataset churns vigorously.

    3. Re:Backup by aaarrrgggh · · Score: 2

      But you don't have guaranteed snapshot retention with ZFS, and unless you have less than 50% disk usage you can still get screwed over. We use BTRFS snapshots on our backup system with rsync, and there are still a number of real risks for our small company. These risks are generally known, and we think we have an acceptable restore window -- basically a day for phones, accounting, and copy/print services, and 1-4 hours for the file server.

      Virtualizing should improve things some, but not everything can be redundant.

      Ultimately we are going to need to restrict user rights much more heavily for any meaningful improvement, but I would love to have some ransomware canaries set up.

    4. Re:Backup by Tough+Love · · Score: 1

      Why are they running Windows?

      --
      When all you have is a hammer, every problem starts to look like a thumb.
    5. Re:Backup by Anonymous Coward · · Score: 0

      You don't set up time machine to back up the university records to a usb hard drive... The backup media shouldn't ever be visible to the machines you're backing up, you expose a service that can accept the diffs and log them as a transaction. Occasionally wrapping up the diffs so that you have a full backup every N backup intervals, to speed up recovery.

      Then, you still have a chance of the backup servers getting hit, but it should be rare that both your main network and backup get ransomware at the same time. The important thing is to decouple the sites so that either one getting hit doesn't affect the other one.

    6. Re:Backup by mlts · · Score: 1

      Depends on how much data. At the low end, you can buy a NAS for $100-1000, like a Synology or QNAP model, add drives and attach it to AD or your LDAP server. From there, you can use S3, Azure, or another cloud storage provider for offsite storage. For additional peace of mind, have two NAS models, one whose job is to receive backups from the primary NAS, which provides for 3-2-1 backups (three copies, two on different media, one offsite) with S3. To boot, these NAS models offer encryption, so nothing hits the cloud in plaintext.

    7. Re:Backup by mlts · · Score: 1

      I like having two NAS systems. One the primary, and one just for backups which either deduplicates (like a Data Domain appliance), or stashes deduplicated data (wherever the Veeam repo sits.) With snapshots on the primary for fast recovers should Locky come a knocking, this will help mitigate a ransomware threat. Of course, some form of offsite storage is a must, but one can use what works for them the best, be it tape, cloud, or maybe an external HDD that is used to dump critical files from the share, then gets stashed somewhere secure and offline.

    8. Re:Backup by clarkn0va · · Score: 1

      C$20,000 invested before the fact would have procured a fairly substantial ZFS storage pool.

      Irrelevant. This is a Canadian post-secondary institution we're talking about here. As a former IT employee of such an institution (and despite U of C's connection to Theo de Raadt) I can assure you that a) the backup systems in place are virtual miles away from anything resembling free or open source, and b) purchased and licensed at a cost that is many times higher than $20,000.

      Canadian post-secondary IT is well-enough funded to afford whatever the conference sponsors are pushing. Executive would do well to loosen the purse strings a little when recruiting IT talent, and be a little tighter with their capital. Incidents like this are preventable.

      --
      I am literally 3000 tokens away from the chaotic crossbow --Stephen
  3. Re: Florida shooting travesty. Pray for victims.. by Anonymous Coward · · Score: 0

    Why must you troll about this? Trolling is very disrespectful to the victims, their families, and their friends.

  4. Obligatory. Sorry, eh. by Hognoxious · · Score: 1

    I bet they're sorry now.

    Sorry.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  5. $20K is nothing by Anonymous Coward · · Score: 1

    It's just one student's semester of tuition fees.

    1. Re:$20K is nothing by Anonymous Coward · · Score: 0

      What? On what planet is one semester $20k?! UofC is nowhere near so expensive.

    2. Re:$20K is nothing by ceoyoyo · · Score: 3, Informative

      American universities can easily get to $20k/semester.

    3. Re:$20K is nothing by Anonymous Coward · · Score: 0

      Think you put it too mildly, that's pretty much the low end for any top 100 school.

  6. Re: Florida shooting travesty. Pray for victims. by Anonymous Coward · · Score: 0

    Stop trolling. If I had to guess, EditorDavid queued up a bunch of stories and went off to do other things. I highly doubt anyone is actively posting stories right now. It's also possible that the new editors will take a different approach about what stories to post.

  7. Re: Florida shooting travesty. Pray for victims.. by Anonymous Coward · · Score: 0

    Any news on how many bitcoins were lost in these attacks?

    I know I keep my wallet encrypted, and only I know the password. My fake money would just vanish if something were to happen to me!

  8. How did they steal their Bitcoins? by Anonymous Coward · · Score: 0

    Oh, you mean the Canadian university bought Bitcoin and paid the extortionists? Hasn't your mom taught you not to do that? WTF is wrong with you people?

    1. Re:How did they steal their Bitcoins? by JcMorin · · Score: 1

      If the data is worth more than what the ransom is, why not? Even the FBI recommends paying in bitcoin if you really want the data back. It sounds terrible, but that's a cheap way to get a lesson and secure or back up your data properly!

    2. Re:How did they steal their Bitcoins? by Anonymous Coward · · Score: 0

      Pay people to restore or recreate data, or become a financier of crime. Decisions, decisions...
      IMHO paying ransoms should be illegal, with prison time as a minimum sentence.

    3. Re:How did they steal their Bitcoins? by Anonymous Coward · · Score: 0

      You should also lose whatever you paid the ransom to get back.

    4. Re:How did they steal their Bitcoins? by Anonymous Coward · · Score: 0

      Because then you keep this shit happening. I hope someone punches you in the junk for even suggesting that it's okay to pay.

    5. Re:How did they steal their Bitcoins? by elistan · · Score: 1

      I don't understand - why pay the ransom when you can just restore from backups? At most, it's less than a single day's worth of userdata lost.

    6. Re:How did they steal their Bitcoins? by fizzup · · Score: 1

      I think you answered your own question. You pay out if it's cheaper than the amount of lost data (plus any extra downtime that restoring from backup would cause over decrypting all the files, I guess). I assume that UofC officials are competent to make that call.

    7. Re:How did they steal their Bitcoins? by Anonymous Coward · · Score: 0

      No, you don't pay, because you don't know you'll get your data back, you don't know that they won't leave a backdoor (actually you can be pretty sure they will), and you DON'T PAY EXTORTIONISTS, EVER. And don't make stupid assumptions like that.

  9. This might be what kills bit coin by rsilvergun · · Score: 1

    This keeps up they're gonna start inconveniencing people who matter. There's a reason they use bit coin for this. It's harder to trace and easier to launder.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:This might be what kills bit coin by TeknoHog · · Score: 1

      No, people who cannot spell "Bitcoin" is what kills Bitcoin.

      --
      Escher was the first MC and Giger invented the HR department.
    2. Re:This might be what kills bit coin by Anonymous Coward · · Score: 1

      This is the part that I don't understand though. The transaction paying the ransom is recorded in the public ledger. Everybody can see the wallet the ransom was deposited into. Everybody can track all the transactions in and out of that wallet. When dealing with a large amount of cash, it is unlikely the criminals will be paying for a sandwich here and there using this money. At some point, they need to sell these bitcoins in bulk and get cash in return and we will see all the transactions that led to that. Why is it so hard to catch them?

    3. Re:This might be what kills bit coin by Anonymous Coward · · Score: 0

      Criminals don't need to look up "money laundering" in the dictionary.

    4. Re:This might be what kills bit coin by hodet · · Score: 1

      Bitcoin tumbling. Enter dirty bitcoin, exit squeaky clean bitcoin.

  10. Re: Slashdot hates LGBTQIA by Anonymous Coward · · Score: 0

    Stop spamming every story with your disrespectful (to the victims, their families, and their friends) trolling. Go away and let the adults talk here.

  11. Re:Disarmed victims zone by Anonymous Coward · · Score: 0

    Lead will kill U faster than A.I.D.S.

  12. Re: Slashdot hates LGBTQIA by Anonymous Coward · · Score: 0

    Try adding some irrational hatred of "teh evil Micro$oft" to your question. Those usually get modded up.

  13. Re: Florida shooting travesty. Pray for victims. by Anonymous Coward · · Score: 0

    So isn't this more evidence that he should be fired? You're saying he queues up stories and then walks away instead of sticking around and doing his job?

  14. Re: Florida shooting travesty. Pray for victims. by Anonymous Coward · · Score: 0

    "News for nerds"

    I don't see what a nightclub shooting has to do with slashdot?

  15. Re: Florida shooting travesty. Pray for victims. by Anonymous Coward · · Score: 0

    That's how Slashdot has always been run. That's how Soylentnews is run, too.

  16. I have an idea by Anonymous Coward · · Score: 0

    Stop. Fucking. Paying.

    As long as you keep paying them off, they'll keep doing it. Stop being useless idiots.

    1. Re:I have an idea by Anonymous Coward · · Score: 0

      Stop. Fucking. Paying.

      Start. Doing. Backups.

    2. Re:I have an idea by Yvan256 · · Score: 1

      Stop. Using. Computers.

      Sent from my telegraph.

  17. Re: Slashdot hates LGBTQIA by Anonymous Coward · · Score: 0

    Why do you hate LGBTQIAA people?! The LGBTQIA Allies have feelings too!

    And are we going to have to give a fucking letter to every person's particular sexual preference to be "sensitive"?

    This PC shit is really getting retarded!

  18. Re: Florida shooting travesty. Pray for victims. by Anonymous Coward · · Score: 1

    I'm not the douchebag AC you replied to. Slashdot was once exactly the place for news like this. It was just about the only site that stayed up on 9/11. Slashdot was up and providing updates while even CNN was basically offline. It's a strange decision to not post a story about the Orlando shooting in the context of other mass shootings that Slashdot has posted about. The relevance to the site is debatable, though. And not posting a story is hardly disrespectful, despite the troll who keeps spamming about it.

  19. Re: Florida shooting travesty. Pray for victims. by Anonymous Coward · · Score: 0

    And Slashdot viewership has been dropping every year, wonder why.

    Maybe SoylentNews (which exists only because Slashdot is going downhill) should try to put forth more effort than Slashdot.

  20. Re: Florida shooting travesty. Pray for victims by Anonymous Coward · · Score: 0

    SoylentNews queues up stories, too. In fact, they let you see the titles of the stories that have been queued up. There are usually four or five stories in the queue.

  21. Should have used ZFS by Anonymous Coward · · Score: 0

    zfs rollback mypool@hourly-061209

    in less than one second, cryptolocker is gone.

    ps: sysadmin for hire

    1. Re:Should have used ZFS by Anonymous Coward · · Score: 0

      zfs rollback mypool@hourly-061209

      You're trying to roll the system forward to December 9 of this year? Not sure (a) how that gets rid of the ransomware and (b) if that is even possible.

      ps: sysadmin for hire

      We already have enough sysadmins trying their best to remain anonymous, thanks.

    2. Re:Should have used ZFS by Anonymous Coward · · Score: 0

      june 12 - 9am? if you know when the share got infected, you can easily roll back to a point before that happened.
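
The rollback discussed in this sub-thread, as an added example that is not part of any poster's comment: choosing the newest snapshot taken before a known infection time and listing what the rollback would discard. Rolling back past the most recent snapshot requires `zfs rollback -r`, which destroys every later snapshot, so the script only prints a plan. The snapshot names follow the thread's `hourly-MMDDHH` style, and the creation epochs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Input format is what
#   zfs list -H -p -t snapshot -o name,creation -s creation mypool
# prints: one "name<TAB>creation-epoch" line per snapshot.

# Constructed sample listing (epochs are illustrative, one hour apart).
sample_listing() {
    printf 'mypool@hourly-061208\t1465718400\n'
    printf 'mypool@hourly-061209\t1465722000\n'
    printf 'mypool@hourly-061210\t1465725600\n'
    printf 'mypool@hourly-061211\t1465729200\n'
}

# pick_snapshot INFECTION_EPOCH < listing
# Prints the newest snapshot created strictly before INFECTION_EPOCH.
# Exits non-zero when every snapshot is at or after the infection time.
pick_snapshot() {
    awk -F '\t' -v t="$1" '
        $2 + 0 < t + 0 && $2 + 0 > best { best = $2 + 0; name = $1 }
        END { if (name == "") exit 1; print name }
    '
}

# later_snapshots SNAPSHOT < listing
# Prints the snapshots newer than SNAPSHOT, i.e. the ones that
# "zfs rollback -r SNAPSHOT" would destroy.
later_snapshots() {
    awk -F '\t' -v snap="$1" '
        { ts[$1] = $2 + 0; order[NR] = $1 }
        END {
            if (!(snap in ts)) exit 1
            for (i = 1; i <= NR; i++)
                if (ts[order[i]] > ts[snap]) print order[i]
        }
    '
}

# plan_rollback INFECTION_EPOCH < listing
# Dry run: reports what would be lost, then prints the command to run.
plan_rollback() {
    listing=$(cat)
    target=$(printf '%s\n' "$listing" | pick_snapshot "$1") || {
        echo "no snapshot predates the infection; restore from offsite backup" >&2
        return 1
    }
    printf '%s\n' "$listing" | later_snapshots "$target" | sed 's/^/would destroy: /'
    echo "zfs rollback -r $target"
}

# Infection assumed at 1465723800, between the 09:00 and 10:00 snapshots.
sample_listing | plan_rollback 1465723800
```

If the post-infection snapshots are wanted for forensics, copy them elsewhere with `zfs send` before running the printed command.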

  22. Use of insecure OS costs Canada University $2k. by whoever57 · · Score: 0

    FTFY.

    --
    The real "Libtards" are the Libertarians!
    1. Re:Use of insecure OS costs Canada University $2k. by whoever57 · · Score: 2

      Whoops, should be $20k.

      --
      The real "Libtards" are the Libertarians!
    2. Re:Use of insecure OS costs Canada University $2k. by Anonymous Coward · · Score: 0

      "Canadian" University. Clearly nobody here has been to university yet...

    3. Re:Use of insecure OS costs Canada University $2k. by Anonymous Coward · · Score: 0

      Apparently some butthurt Microsoft fanboi has (or had) mod points.

    4. Re:Use of insecure OS costs Canada University $2k. by pastafazou · · Score: 1

      There are unix, linux, android, mac OS X, and Chrome ransomware variants. Are you suggesting we all switch back to DOS?

  23. Security 101 by Anonymous Coward · · Score: 0

    Out of curiosity - does the University of Calgary offer any courses in the fundamentals of Computer Security? If not, how about ones in System Administration and Backups?

  24. Re: Florida shooting travesty. Pray for victims. by Anonymous Coward · · Score: 0

    Country that loves guns but wants to protect the freedom to have guns gets yet another mass shooting. News at 11.

  25. Re:Public Executions; bring it back by Incadenza · · Score: 1

    Find these fuckers and execute them live on PPV. Maybe that would put a damper on this shit.

    I have a musical suggestion for you.

  26. Re:Florida shooting travesty. Pray for victims... by stooo · · Score: 1

    Military are there to kill and to die. it's just their job.

    --
    aaaaaaa
  27. It should be legal to shoot these idiots by Anonymous Coward · · Score: 0

    In the face. Not the assholes who made the ransomware, the idiots who paid them.

  28. Re:Public Executions; bring it back by Yvan256 · · Score: 0

    But how many Bitcoins would it cost to watch that?

  29. Re:Public Executions; bring it back by Anonymous Coward · · Score: 0

    Find these fuckers and execute them live on PPV. Maybe that would put a damper on this shit.

    I agree tuition is expensive, but that's going too far.

  30. Re: Florida shooting travesty. Pray for victims. by Opportunist · · Score: 1

    Maybe because we get pissed about idiots who post their bullshit in stories that have nothing to do with them. For some odd reason such twits didn't exist 10 years ago.

    Maybe 'cause the relevant people didn't know how to use a keyboard yet.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  31. ...and the stupid morons paid up by JustNiz · · Score: 2

    ...and the stupid morons paid up so they will just encourage them more.

    1. Re:...and the stupid morons paid up by Anonymous Coward · · Score: 0

      If it would cost you $1.5 million to recreate the data lost, would you pay $20k to get it back?

    2. Re:...and the stupid morons paid up by JustNiz · · Score: 1

      >> if it would cost you $1.5 million to recreate the data lost

      Nope, I'd start over and implement a backup policy this time round.

  32. Re: Florida shooting travesty. Pray for victims.. by Opportunist · · Score: 1

    Depending on the amount of bitcoins you have that would actually affect the market price of the remaining bitcoins.

    Hmm... what does happen to bitcoins that are "lost" somehow, anyway?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  33. Re:Obligatory. Sorry, eh. by ark1 · · Score: 1

    I doubt it; 20K for a large organisation is nothing. The only thing they probably don't want is too much publicity but when you are a publicly funded institution you have to be transparent.

  34. But you don't want to pay for IT expenses... by Tyr07 · · Score: 3, Insightful

    And there you go.

    Remember the IT member who told you, "Hey, this is insecure, we should change this" And you blew him off because you didn't want the expense or didn't care, or thought it would never happen, or thought you knew better? Congratulations, your red face and excuses you're making now to hide the fact that you were told and warned about this are priceless.

    Not that expected behavior is going to change.

    1. Re:But you don't want to pay for IT expenses... by Anonymous Coward · · Score: 0

      What adds insult to injury is that they're paying a hefty sum for Windows licenses *and* getting reamed in the ass by its flaws that allow ransomware to exist.

      Talk about double humiliation (though maybe they enjoy it, who knows).

      Captcha: stockade

    2. Re:But you don't want to pay for IT expenses... by clarkn0va · · Score: 1

      Remember the IT member who told you, "Hey, this is insecure, we should change this" And you blew him off because you didn't want the expense or didn't care, or thought it would never happen, or thought you knew better?

      More likely the IT member said "Hey, this is secure, we should buy it", and executive signed off on yet another inflated IT capital expenditure, because hey, information security is worth the price you pay. In my experience no amount of belt tightening in Canadian post secondary has kept IT from having their expensive toys. No exec wants to be in U of C's position right now, and knowing little about how IT works, they generally capitulate when IT comes with their hand out.

      --
      I am literally 3000 tokens away from the chaotic crossbow --Stephen
  35. Re:Public Executions; bring it back by Anonymous Coward · · Score: 0

    Bring back communism!

  36. If they are stupid enough to run Windows by Anonymous Coward · · Score: 0

    They clearly aren't thinking strategically if they run Windows, pay ransoms, and continue to run Windows.

  37. Paying ransoms should be outlawed by Vadim+Makarov · · Score: 1

    Canada should outlaw paying ransoms. In any case, outlaw paying for government institutions! I am a Canadian taxpayer and I do not want a university to support criminals. Let them just eat the loss if they haven't had backups.

    --
    17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
    1. Re:Paying ransoms should be outlawed by Anonymous Coward · · Score: 0

      They might have got millions of dollars of research grants to do the work. Paying $20,000 is going to be the cheapest option.

    2. Re:Paying ransoms should be outlawed by Vadim+Makarov · · Score: 1

      Nope, there likely isn't any expensive data locked. That would be a minor inconvenience to lots of faculty and staff, likely an embarrassment and some deadlines missed, and next time they will remember to back up properly themselves and give proper heat to the IT staff to do their job. If someone lost any significant amount of work, that is well-deserved and a necessary educational experience. I am actually a professor at another Canadian university (Waterloo). I have a dozen computers and servers in my research group that hold all sorts of expensive data, and I think it should be that way. No ransoms.

      Besides, there are other non-economical reasons why ransoms should not be paid.

      --
      17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
  38. Dane-Geld by Anonymous Coward · · Score: 1

    It is always a temptation to an armed and agile nation
        To call upon a neighbour and to say: --
    "We invaded you last night--we are quite prepared to fight,
        Unless you pay us cash to go away."

    And that is called asking for Dane-geld,
        And the people who ask it explain
    That you've only to pay 'em the Dane-geld
        And then you'll get rid of the Dane!

    It is always a temptation for a rich and lazy nation,
        To puff and look important and to say: --
    "Though we know we should defeat you, we have not the time to meet you.
        We will therefore pay you cash to go away."

    And that is called paying the Dane-geld;
        But we've proved it again and again,
    That if once you have paid him the Dane-geld
        You never get rid of the Dane.

    It is wrong to put temptation in the path of any nation,
        For fear they should succumb and go astray;
    So when you are requested to pay up or be molested,
        You will find it better policy to say: --

    "We never pay any-one Dane-geld,
        No matter how trifling the cost;
    For the end of that game is oppression and shame,
        And the nation that pays it is lost!"

    ~~Rudyard Kipling

  39. Should have paid in Canadian Tire Money by Anonymous Coward · · Score: 0

    That'll show 'em

  40. BS by jandersen · · Score: 1

    ... serious questions about their ability to protect their data and critical information systems.

    What a stupid thing to say. It isn't lack of ability - universities, of all places, would have the experts or easy access to experts in other places to handle security. It is a question of taking the risk seriously enough to spend the time and money. I suspect many universities, or certainly their management, still don't think they have much worth stealing; after all, ideas and research are traditionally shared openly by the scientific community, and that is the real treasure owned and produced by universities. What they need is a rethink - after all, being able to handle "unimportant stuff" like administrative accounts, staff records etc is important too, at least if you hope to get paid.

  41. Re:Obligatory. Sorry, eh. by Anonymous Coward · · Score: 0

    Hoser.

  42. Re:Public Executions; bring it back by hodet · · Score: 1

    Oh Donald...you silly.