Ransomware attack on Red Deer College thwarted
University of Calgary recently paid a $20K ransom
Red Deer College says it managed to ward off a ransomware attack last Friday after an employee downloaded an infected file but quickly noticed something was amiss and alerted the school's IT help desk.
"We were able to lock down the system within about five minutes," said Jim Brinkhurst, vice-president of college services.
"As a result of the quick response, we did not lose any data."
- University of Calgary paid $20K in ransomware attack
- Ransomware attacks easy to launch, security expert warns
Post-secondary institutions, in particular, need to be prepared for these types of attacks, according to Chester Wisniewski, a senior security adviser with Sophos, a computer security firm based in Vancouver.
"I would actually be surprised if any significantly sized organizations — especially something like a university, which is rather difficult to put controls on compared to a company — hasn't experienced some ransomware attacks, although obviously not usually as high of profile or as visibly as the ones at the University of Calgary," he said.
The U of C revealed earlier this month it had paid $20,000 to hackers who infected university computers with ransomware, which encrypts valuable data and renders it useless to the owners unless they pay a fee to the attackers to decrypt it.
Wisniewski said most attacks come in the form of a fake email that tricks recipients into downloading an infected attachment. Lately, he said attackers have targeted Canadians with official-looking emails purporting to come from the Canada Revenue Agency.
He said other attacks rely on exploiting vulnerabilities in software, particular Adobe Flash, to infect computers that visit websites controlled by hackers.
In Red Deer College's case, Brinkhurst said the employee had downloaded a file, not through email, that was infected when she noticed her error and called for support.
The college has been stepping up its defences against cyber attacks in the past six to eight months, he added, with extra training for faculty and staff on how to avoid becoming victims.
Make sure to back up your information
Wisniewski recommends regularly updating your computer's software, running a current anti-virus program, and being skeptical of unsolicited messages asking you download files or visit unfamiliar websites.
Regularly backing up your data is "critically important," he added, and can save you a major headache — in addition to money — in the event that you do fall victim to a ransomware attack.
"At the University of Calgary, it could have saved them $20,000," he said.
"If you've got extra copies of all your sensitive information, you can tell the bad guys to take a hike and just go and get your backup hard drive."