tidBiTS
Informs and engages the UNB community on IT developments and news

Malware attack at the University of Calgary

Author: ITS

Posted on Jun 10, 2016

Category: IT Security Alerts

The University of Calgary is in the process of recovering from a significant, widespread malicious software (malware) attack. The attack resulted in 100 computers being infected along with widespread IT service disruptions that lasted nearly a week.

The cybersecurity team at Information Technology Services at UNB has been closely monitoring the situation since the incident began and, along with universities across Canada, has offered its assistance.

The aim of this advisory is to inform the UNB community about what is known about these kinds of attacks and how everyone can work together to help reduce UNB's risk of a similar attack.

What happened?

The malware attack at UCalgary involved a form of cybercrime known as ransomware. Ransomware is the use of software to encrypt or scramble all kinds of files, rendering them inaccessible without a special key, which criminals attempt to sell back to the victim.

Most security experts and police agencies caution against paying ransoms, noting there is no guarantee the keys provided will work and that paying a ransom only encourages further attacks.

It is not known yet exactly when or how the UCalgary attack began. On Saturday, May 28, the school's wireless network, its e-mail and instant messaging systems, and its authentication systems were brought offline. It also advised students, faculty and staff not to use university-issued personal computers.

The request to not use computers was lifted on May 30 and the IT team at UCalgary worked around the clock to restore systems and services. Most services and systems were recovered by June 3rd, though some personal computers remained affected.

What about UNB?

UNB is not more - or less - vulnerable than any other university.

UNB has dealt with similiar kinds of ransomware attacks in the past two years that have impacted specific departments and individuals. Working with clients, ITS has successfully restored systems and services using backup copies of information stored on departmental shared drives, for example. In some cases, tools have been made available that have since allowed information to be decrypted and recovered from individual computers.

In a few isolated cases that we know of, some data stored locally on a personal computer or an external data device such as USB key or hard drive, has not been recoverable after a ransomware attack.

UNB has never paid a ransom.

What can we do to protect UNB?

The best defense against malware and ransomware in general is vigilance and resilience. Most ransomware, but not all, is delivered to victims in the form of e-mail attachments or by visiting infected websites.

While UNB's security technologies such as e-mail security and anti-virus help prevent much of these attacks, some do get through as the volume of attacks continues to increase. UNB, along with other universities, has seen a 229% increase in e-mails with malicious attachments over the past three months, with our university averaging more than 650,000 e-mails per month with malware that were blocked.

Graph of UNB E-mail Borne Malware Trends

To help reduce UNB's risk, we need the help of the entire university community. You can help by:

  • Being careful opening e-mail attachments or links coming from people or groups you don't recognize
  • Being careful with what websites you visit using your UNB-issued devices
  • Keeping your anti-virus software up to date and enabled and avoiding turning off the provided security tools on your UNB-issued device
  • Keeping your computer and key software such as your browser, Adobe Reader, Adobe Flash, Microsoft Silverlight or Java up-to-date with the latest version
  • Keeping critical data backed up on your UNB network drive
  • Keeping copies of your key data in offline storage that is stored securely in a locked cabinet and encrypted if the data contains sensitive personal or other informatio

In addition to your efforts, ITS continues to work with a variety of partners across the university on several initiatives to improve our cybersecurity posture including:

  • A new IT security policy to better inform the entire UNB community of their role in our shared responsibility for the detection, remediation and recovery from cyber attacks and incidents
  • A persistent, year-long IT security awareness effort that includes messages such as this as well as simulated phishing campaigns, an online IT Security Awareness Course as well as briefings to leadership groups, departments and faculties
  • A new cybersecurity roadmap that will lead to the introduction of new tools, techniques and processes to help improve our ability to prevent, detect and recover from attacks. 

If you have any questions about what you can do to be more cyber secure, visit go.unb.ca/itsecurity