June 8, 2016

University of Calgary makes significant progress to address systems issues

A message from Linda Dalgetty, Vice-President, Finance and Services

As has been communicated over the past 10 days, the University of Calgary experienced a cyberattack that impacted its systems. This attack is part of a disturbing global trend of highly sophisticated and malicious malware attacks against organizations including NASA, law enforcement agencies and large health-care institutions. UCalgary IT teams have been working around the clock to address systems issues caused by the attack, and regular updates have been provided to the campus community. 

The expertise of our IT department allowed the university to isolate the effects of the attack and make significant progress towards restoration of the affected portions of our systems. As of Monday, June 6, email was available for faculty and staff. There is no indication that any personal or other university data was released to the public.

As part of efforts to maintain all options to address these systems issues, the university has paid a ransom totalling about $20,000 CDN that was demanded as part of this “ransomware” attack.  A ransomware attack involves an unknown cyberattacker locking or encrypting computers or computer networks until a ransom is paid, and when it is, keys, or methods of decryption, are provided. Ransomware attacks and the payment of ransoms are becoming increasingly common around the world. The university is now in the process of assessing and evaluating the decryption keys. The actual process of decryption is time-consuming and must be performed with care. It is important to note that decryption keys do not automatically restore all systems or guarantee the recovery of all data. A great deal of work is still required by IT to ensure all affected systems are operational again, and this process will take time.

The university is working with various experts in this field, and because this was a criminal act, the Calgary Police Service has been brought in as part of the investigation. As this is an active investigation, we are not able to provide further details on the nature of the attack, specific actions taken to address it, or how or if decryption keys will be used. 

We thank students, faculty and staff for their tremendous patience and understanding as we continue to work through this very challenging issue.