Carleton University says it didn't pay hacker's ransom after cyberattack

Carleton University confirms its IT network was attacked by ransomware — a type of computer virus that uses encryption to effectively hold files hostage in exchange for payment — but that it didn't pay any ransom.

University expected to make a statement on ransomeware attack at 4 p.m. ET Wednesday

A student approaches a computer at Carleton University's MacOdrum Library on Wednesday, Nov. 30, 2016. The university says it did not pay a hacker's ransom after its computer system was disabled. (Jean Delisle/CBC)

Carleton University confirms its IT network was attacked by ransomware — a type of computer virus that uses encryption to effectively hold files hostage in exchange for payment — but said it didn't pay any ransom.

Systems are coming back online little by little after the problem appeared Tuesday morning, Roseann O'Reilly Runte told CBC News on Wednesday.

Classes are happening as regularly scheduled and Wi-Fi is available on campus, she said.

No ransom was paid, according to university spokesperson Don Cumming.

The university is expected to make a statement at 4 p.m. ET.

A graduate student at the university emailed CBC Tuesday to say the attackers asked for payment in bitcoin, a digital currency that is difficult to trace. According to a message he saw on a school computer, the attackers are asking for either two bitcoin per machine, or 39 bitcoin total to release the encrypted files — the latter equalling nearly $38,941 at today's rate on the popular Bitcoin exchange Coinbase.

Students, employees warned Tuesday

On Tuesday morning, students and employees were warned that any Windows-based system accessible from the main network may have been compromised after an external group apparently attempted to hack the school's IT network.

"To reduce traffic on the network, it is recommended that users refrain from using Microsoft Windows systems at the current time and shut down your computer," the school warned in a message posted on its website and Facebook page.

On Wednesday, the university's IT department said work is continuing to restore email services.

People with functioning computers are encouraged to use them and those who don't are asked to refrain from turning them on and to contact the university's IT department.

Previous victims

In June of this year, the University of Calgary was hit by a similar attack. In that case the university paid $20,000 to regain access to its systems.

At the time, university vice-president of finances and services Linda Dalgetty said the school decided to pay the ransom to ensure that no one would lose access to their research.

And just this past weekend, San Francisco's Municipal Transportation Agency (SFMTA) was infected with ransomware that took its ticketing systems offline. During the downtime passengers were allowed to ride for free.

In that case the attackers demanded payment of 100 bitcoin, which is worth about $95,000. In a statement to CBC, SFMTA chief spokesperson Paul Rose said the agency did not pay the ransom and never considered doing so.

Public Safety Canada recommends that victims not pay the ransom requested by their attackers, as there is no guarantee that the locked files will be released, and payment may only encourage more criminals to adopt the tactic.

With files from Matthew Braga