Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ransomware Thieves Cost Canada University C$20,000 In Bitcoin (itworldcanada.com)

Posted by EditorDavid on from the O,-Canada dept.

dkatana writes: The University of Calgary paid C$20,000 ransom this week after an attack on May 28 targeted computers used by staff and faculty members, crippling multiple systems and encrypting data files and email accounts. After determining that they were unable to recover the data the ransom was paid to "protect the quality and nature of the information we generate at the university," said an official in a press release.

The fact that higher education institutions are now being targeted by ransomware is raising serious questions about their ability to protect their data and critical information systems.
IT World Canada has more details, noting that the university has reported the incident to the police, and that Trend Micro "has seen a 20% uptick in malicious requests to command and control infrastructure from infected machines over the last three months" -- several thousand requests a day.

37 of 87 comments (clear)

  1. Backup by zm · · Score: 1

    How much would an automated (offsite) backup cost them?

    --
    Sig ?
    1. Re:Backup by Firethorn · · Score: 3, Informative

      First, you have to be careful to keep enough backups to avoid the backups getting encrypted and still have an unencrypted copy close enough to the event.

      Second, I support not paying for the same reason I don't want to pay kidnappers - it just encourages them to keep doing it.

      Third, I hope they make it a student project to track down those that received the ransom..

      Getting back on topic. It's very cheap today on a per gigabyte basis. However, most universities will have so much that the raw bill ends up pretty expensive.

      --
      I don't read AC A human right
    2. Re:Backup by epine · · Score: 2

      C$20,000 invested before the fact would have procured a fairly substantial ZFS storage pool.

      Snapshots don't cost much in marginal storage unless the dataset churns vigorously.

    3. Re:Backup by aaarrrgggh · · Score: 2

      But you don't have guaranteed snapshot retention with ZFS, and unless you have less than 50% disk usage you can still get screwed over. We use BTRFS snapshots on our backup system with rsync, and there are still a number of real risks for our small company. These risks are generally known, and we think we have an acceptable restore window -- basically a day for phones, accounting, and copy/print services, and 1-4 hours for the file server.

      Virtualizing should improve things some, but not everything can be redundant.

      Ultimately we are going to need to restrict user rights much more heavily for any meaningful improvement, but I would love to have some ransomeware canaries set up.

    4. Re:Backup by Tough+Love · · Score: 1

      Why are they running Windows?

      --
      When all you have is a hammer, every problem starts to look like a thumb.
    5. Re:Backup by mlts · · Score: 1

      Depends on how much data. At the low end, you can buy a NAS for $100-1000, like a Synology or QNAP model, add drives and attach it to AD or your LDAP server. From there, you can use S3, Azure, or another cloud storage provider for offsite storage. For additional peace of mind, have two NAS models, one whose job is to receive backups from the primary NAS, which provides for 3-2-1 backups (three copies, two on different media, one offsite) with S3. To boot, these NAS models offer encryption, so nothing hits the cloud in plaintext.

    6. Re:Backup by mlts · · Score: 1

      I like having two NAS systems. One the primary, and one just for backups which either deduplicates (like a Data Domain appliance), or stashes deduplicated data (wherever the Veeam repo sits.) With snapshots on the primary for fast recovers should Locky come a knocking, this will help mitigate a ransomware threat. Of course, some form of offsite storage is a must, but one can use what works for them the best, be it tape, cloud, or maybe an external HDD that is used to dump critical files from the share, then gets stashed somewhere secure and offline.

    7. Re:Backup by clarkn0va · · Score: 1

      C$20,000 invested before the fact would have procured a fairly substantial ZFS storage pool.

      Irrelevant. This is a Canadian post-secondary institution we're talking about here. As a former IT employee of such an institution (and despite U of C's connection to Theo de Raadt) I can assure you that a) the backup systems in place are virtual miles away from anything resembling free or open source, and b) purchased and licensed at a cost that is many times higher than $20,000.

      Canadian post-secondary IT is well-enough funded to afford whatever the conference sponsors are pushing. Executive would do well to loosen the purse strings a little when recruiting IT talent, and be a little tighter with their capital. Incidents like this are preventable.

      --
      I am literally 3000 tokens away from the chaotic crossbow --Stephen
  2. Obligatory. Sorry, eh. by Hognoxious · · Score: 1

    I bet they're sorry now.

    Sorry.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  3. $20K is nothing by Anonymous Coward · · Score: 1

    It's just oee students semester of tution fees.

    1. Re:$20K is nothing by ceoyoyo · · Score: 3, Informative

      American universities can easily get to $20k/semester.

  4. This might be what kills bit coin by rsilvergun · · Score: 1

    This keeps up they're gonna start inconveniencing people who matter. There's a reason they use bit coin for this. It's harder to trace and easier to launder.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:This might be what kills bit coin by TeknoHog · · Score: 1

      No, people who cannot spell "Bitcoin" is what kills Bitcoin.

      --
      Escher was the first MC and Giger invented the HR department.
    2. Re:This might be what kills bit coin by Anonymous Coward · · Score: 1

      This is the part that I don't understand though. The transaction paying the ransom is recorded in the public ledger. Everybody can see the wallet the ransom was deposited into. Everybody can track all the transactions in and out of that wallet. When dealing with large amount of cash, it is unlikely the criminals will be paying for a sandwich here and there using this money. At some point, they need to sell these bitcoins in bulk and get cash in return and we will see all the transactions that led to that. Why it is so hard to catch them?

    3. Re:This might be what kills bit coin by hodet · · Score: 1

      Bitcoin tumbling. Enter dirty bitcoin, exit squeaky clean bitcoin.

  5. Re: Florida shooting travesty. Pray for victims. by Anonymous Coward · · Score: 1

    I'm not the douchebag AC you replied to. Slashdot was once exactly the place for news like this. It was just about the only site that stayed up on 9/11. Slashdot was up and providing updates while even CNN was basically offline. It's a strange decision to not post a story about the Orlando shooting in the context of other mass shooting ls that Slashdot has posted about. The relevance to the site is debatable, though. And not posting a story is hardly disrespectful, despite the troll who keeps spamming about it.

  6. Re:How did they steal their Bitcoins? by JcMorin · · Score: 1

    If the data worth more than what the ransom is why not? Even the FBI recommend paying in bitcoin if you really want the data back. It's sound terrible but that's cheap to get a lesson and secure or backup your data properly!

  7. Re:Public Executions; bring it back by Incadenza · · Score: 1

    Find these fuckers and execute them live on PPV. Maybe that would put a damper on this shit.

    I have a musical suggestion for you.

  8. Re:Florida shooting travesty. Pray for victims... by stooo · · Score: 1

    Military are there to kill and to die. it's just their job.

    --
    aaaaaaa
  9. Re:I have an idea by Yvan256 · · Score: 1

    Stop. Using. Computers.

    Sent from my telegraph.

  10. Re:Use of insecure OS costs Canada University $2k. by whoever57 · · Score: 2

    Whoops, should be $20k.

    --
    The real "Libtards" are the Libertarians!
  11. Re: Florida shooting travesty. Pray for victims. by Opportunist · · Score: 1

    Maybe because we get pissed about idiots who post their bullshit in stories that have nothing to do with them. For some odd reason such twits didn't exist 10 years ago.

    Maybe 'cause the relevant people didn't know how to use a keyboard yet.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  12. ...and the stupid morons paid up by JustNiz · · Score: 2

    ...and the stupid morons paid up so they will just encourage them more.

    1. Re:...and the stupid morons paid up by JustNiz · · Score: 1

      >> if it would cost you $1.5 million to recreate the data lost

      Nope, I'd start over and implement a backup policy this time round.

  13. Re: Florida shooting travesty. Pray for victims.. by Opportunist · · Score: 1

    Depending on the amount of bitcoins you have that would actually affect the market price of the remaining bitcoins.

    Hmm... what does happen to bitcoins that are "lost" somehow, anyway?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  14. Re:Obligatory. Sorry, eh. by ark1 · · Score: 1

    I doubt, 20K for a large organisation is nothing. The only thing they probably don't want is too much publicity but when you are a publicly funded institution you have to be transparent.

  15. But you don't want to pay for IT expenses... by Tyr07 · · Score: 3, Insightful

    And there you go.

    Remember the IT member who told you, "Hey, this is insecure, we should change this" And you blew him off because you didn't want the expense or didn't care, or thought it would never happen, or thought you knew better? Congratulations, your red face and excuses you're making now to hide the fact that you were told and warned about this are priceless.

    Not that expected behavior is going to change.

    1. Re:But you don't want to pay for IT expenses... by clarkn0va · · Score: 1

      Remember the IT member who told you, "Hey, this is insecure, we should change this" And you blew him off because you didn't want the expense or didn't care, or thought it would never happen, or thought you knew better?

      More likely the IT member said "Hey, this is secure, we should buy it", and executive signed off on yet another inflated IT capital expenditure, because hey, information security is worth the price you pay. In my experience no amount of belt tightening in Canadian post secondary has kept IT from having their expensive toys. No exec wants to be in U of C's position right now, and knowing little about how IT works, they generally capitulate when IT comes with their hand out.

      --
      I am literally 3000 tokens away from the chaotic crossbow --Stephen
  16. Paying ransoms should be outlawed by Vadim+Makarov · · Score: 1

    Canada should outlaw paying ransoms. In any case, outlaw paying for government institutions! I am a Canadian taxpayer and I do not want a university to support criminals. Let them just eat the loss if they haven't had backups.

    --
    17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
    1. Re:Paying ransoms should be outlawed by Vadim+Makarov · · Score: 1

      Nope, there likely isn't any expensive data locked. That would be a minor inconvenience to lots of faculty and staff, likely an embarrassment and some deadlines missed, and next time they will remember to back up properly themselves and give proper heat to the IT staff to do their job. If someone lost any significant amount of work, that is well-deserved and a necessary educational experience. I am actually a professor at another Canadian university (Waterloo). I have a dozen of computers and servers in my research group that hold all sorts of expensive data, and I think it should be that way. No ransoms.

      Besides, there are other non-economical reasons why ransoms should not be paid.

      --
      17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
  17. Re:How did they steal their Bitcoins? by elistan · · Score: 1

    I don't understand - why pay the ransom when you can just restore from backups? At most, it's less than a single day's worth of userdata lost.

  18. Dane-Geld by Anonymous Coward · · Score: 1

    It is always a temptation to an armed and agile nation
        To call upon a neighbour and to say: --
    "We invaded you last night--we are quite prepared to fight,
        Unless you pay us cash to go away."

    And that is called asking for Dane-geld,
        And the people who ask it explain
    That you've only to pay 'em the Dane-geld
        And then you'll get rid of the Dane!

    It is always a temptation for a rich and lazy nation,
        To puff and look important and to say: --
    "Though we know we should defeat you, we have not the time to meet you.
        We will therefore pay you cash to go away."

    And that is called paying the Dane-geld;
        But we've proved it again and again,
    That if once you have paid him the Dane-geld
        You never get rid of the Dane.

    It is wrong to put temptation in the path of any nation,
        For fear they should succumb and go astray;
    So when you are requested to pay up or be molested,
        You will find it better policy to say: --

    "We never pay any-one Dane-geld,
        No matter how trifling the cost;
    For the end of that game is oppression and shame,
        And the nation that pays it is lost!"

    ~~Rudyard Kipling

  19. Re:budget shortcomings by mlts · · Score: 1

    It isn't just backup software. It is implementation, and the 3-2-1 system, with inherent resistance to malware. Even if one doesn't use tape or cloud, devices like Isilons offer functionality like SmartLock which gives WORM functionality to a directory to ensure that snapshots remain around for a period of time, even if mayhem ensures everywhere else but a physical console.

    With cloud backups, S3 isn't cheap, but it is decent for offsite storage, especially with so many client side encryption APIs available. Even Glacier can be useful for archived data, where it can be encrypted, shoved over, and forgotten about. Yes, it will be expensive to retrieve, but at least it is offsite.

    The problem is that security and backups have no visible ROI in the eyes of most managers, so it always gets the hind teat. Until something breaks, that is.

  20. Re:How did they steal their Bitcoins? by fizzup · · Score: 1

    I think you answered your own question. You pay out if it's cheaper than the amount of lost data (plus any extra downtime that restoring from backup would cause over decrypting all the files, I guess). I assume that UofC officials are competent to make that call.

  21. BS by jandersen · · Score: 1

    ... serious questions about their ability to protect their data and critical information systems.

    What a stupid thing to say. It isn't lack of ability - universities, of all places would have the experts or easy access to experts in other places to handle security. It is a question of taking the risk serious enough to spend the time and poney. I suspect many universities, or certainly their management, still don't think they have much worth stealing; after all, ideas and research are traditionally shared openly by the scientific community, and that is the real treasure owned and produced by universities. What they need is a rethink - after all, being able to handle "unimportant stuff" like administrative accounts, staff records etc is important too, at least if you hope to get paid.

  22. Re:Public Executions; bring it back by hodet · · Score: 1

    Oh Donald...you silly.

  23. Re:Use of insecure OS costs Canada University $2k. by pastafazou · · Score: 1

    There are unix, linux, android, mac OS X, and Chrome ransomware variants. Are you suggesting we all switch back to DOS?