Deciding when to pay up: How to respond to hackers in ransomware attack

Tech experts say you can usually negotiate a ransom with hackers, but there is no guarantee you will get your files back even if you give into their demands.

'If you have good backups, you can just tell the ransomware people to take a hike'

Hackers recently demanded 30 bitcoins, a digital currency, from Cambrian College in Sudbury, Ont.

Cambrian College in Sudbury, Ont., has managed to regain control of most of its computer system after hackers infected the network last Thursday with a virus, and demanded electronic money in the form of 30 bitcoins, which is equivalent to approximately $54,000.

Although the administration claims it has not given in to the ransom demands yet, other institutions have in order to reaccess information. 

"It's kind of an individual decision that each person or company that's ransomed has to decide. Can I go on without my files?" said Tom Kennan, author of Technocreep: The Surrender of Privacy and the Capitalization of Intimacy.

"If you've lost vital files, like student grades or a hospital's medical records, you're going to have to pay to probably get them back."

Ransomware attacks encrypt data and usually give victims a timeline to pay up, according to Keenan.

'Have to have very high awareness among your employees'

The duration and fee can typically be negotiated, but he added there is never a guarantee that you will get your information back.

"To avoid it, first of all you have to have very high awareness among your employees that if that Saudi prince wants to share his money with you and you click through on that attachment, you might infect all the networks that you're on and that could be dangerous," Keenan said.

"If you have good backups, you can just tell the ransomware people to take a hike. Reload your files from the backup and you're back on."

The University of Calgary paid a ransom of $20,000 in spring 2016 when it was hit by a cyberattack. 

"We had 10,000 people give or take who may or may not have lost something either on a server or a laptop," said Linda Dalgetty, vice-president of finance and services at the University of Calgary.

"We wanted to be 100 per cent able to manage all options to ensure information came back that was critical, cutting edge and basically the product of the university."

Lessons from University of Calgary hack 

A data breach coach, who was hired to navigate the university through the process, recommended paying the ransom, according to Dalgetty.

Although there was no guarantee the school would get its files back, she said the university was told that hackers usually stay true to their word because it's in their business and lying could lessen their chances of being successful in getting a ransom next time.

Since then, the University of Calgary has tightened its network policies and procedures, improved cyber education, and established clear rules for evaluating and decrypting data.

"Our user community is so much more aware," Dalgetty said.

"Vulnerability monitoring for us is a 24/7 event, not a once a year, let's see where we may have some issues and patch them up and wait for next year."

Dalgetty also said that it was important for the university to go public with the hack and ransom payment. 

'Obvious targets' 

"I will still maintain this a year later, it was the right thing to do," Dalgetty said.

"It put our community at ease because we were able to let them know what had been going on. I think for our broader stakeholders and the community and the government, it allowed them to understand and it opened a really good dialogue."

Schools and hospitals are "obvious targets" for cyberattacks, according to Kennan, because there are often a lot of people with system administration privileges and it only takes one person to be compromised.

There is a lesson to be learned by the fact that malware is targeting large organizations, according to John Aycock, associate professor of computer science at the University of Calgary.

"These are people who have full-time IT people and they're still getting hit," Aycock said.

"I think it really sends a message that, yes, you really do need to stay on top of backups and keeping your software up to date."


Olivia Stefanovich

Senior reporter

Olivia Stefanovich is a senior reporter for CBC's Parliamentary Bureau based in Ottawa. She previously worked in Toronto, Saskatchewan and northern Ontario. Connect with her on Twitter at @CBCOlivia. Story tips welcome: