Slashdot Mirror


Ransomware Thieves Cost Canada University C$20,000 In Bitcoin (itworldcanada.com)

dkatana writes: The University of Calgary paid C$20,000 ransom this week after an attack on May 28 targeted computers used by staff and faculty members, crippling multiple systems and encrypting data files and email accounts. After determining that they were unable to recover the data, the ransom was paid to "protect the quality and nature of the information we generate at the university," said an official in a press release.

The fact that higher education institutions are now being targeted by ransomware is raising serious questions about their ability to protect their data and critical information systems.

IT World Canada has more details, noting that the university has reported the incident to the police, and that Trend Micro "has seen a 20% uptick in malicious requests to command and control infrastructure from infected machines over the last three months" -- several thousand requests a day.

7 of 87 comments

  1. Re:Backup by Firethorn · Score: 3, Informative

    First, you have to be careful to keep enough backups to avoid the backups getting encrypted and still have an unencrypted copy close enough to the event.

    Second, I support not paying for the same reason I don't want to pay kidnappers - it just encourages them to keep doing it.

    Third, I hope they make it a student project to track down those that received the ransom.

    Getting back on topic. It's very cheap today on a per gigabyte basis. However, most universities will have so much that the raw bill ends up pretty expensive.

    --
    I don't read AC A human right
  2. Re:Backup by epine · Score: 2

    C$20,000 invested before the fact would have procured a fairly substantial ZFS storage pool.

    Snapshots don't cost much in marginal storage unless the dataset churns vigorously.

  3. Re:Backup by aaarrrgggh · Score: 2

    But you don't have guaranteed snapshot retention with ZFS, and unless you have less than 50% disk usage you can still get screwed over. We use BTRFS snapshots on our backup system with rsync, and there are still a number of real risks for our small company. These risks are generally known, and we think we have an acceptable restore window -- basically a day for phones, accounting, and copy/print services, and 1-4 hours for the file server.

    Virtualizing should improve things some, but not everything can be redundant.

    Ultimately we are going to need to restrict user rights much more heavily for any meaningful improvement, but I would love to have some ransomware canaries set up.

  4. Re:Use of insecure OS costs Canada University $2k. by whoever57 · Score: 2

    Whoops, should be $20k.

    --
    The real "Libtards" are the Libertarians!
  5. ...and the stupid morons paid up by JustNiz · Score: 2

    ...and the stupid morons paid up so they will just encourage them more.

  6. But you don't want to pay for IT expenses... by Tyr07 · Score: 3, Insightful

    And there you go.

    Remember the IT member who told you, "Hey, this is insecure, we should change this," and you blew him off because you didn't want the expense or didn't care, or thought it would never happen, or thought you knew better? Congratulations, your red face and excuses you're making now to hide the fact that you were told and warned about this are priceless.

    Not that expected behavior is going to change.

  7. Re:$20K is nothing by ceoyoyo · Score: 3, Informative

    American universities can easily get to $20k/semester.