Experts say paying ransoms to hackers makes a bigger problem

Earlier this week, the University of Calgary admitted that it bowed to the pressure of some cyber attackers who held their computer systems hostage, forking over $20,000, but many are wondering if that was the right move.

Experts say that cyberattackers that target major organizations with money on their minds are a growing problem in the city.

Recently, officials with Cowboys Casino and Kensington Wine Market say they were also victimized by hackers.

Last December, the owner of Kensington Wine Market was forced to pay $500 in the virtual currency of Bitcoins to get their system out of the clutches of hackers.

Cowboys Casino says personal information was stolen from its systems in a similar attack just last week.

No matter what happens though, experts say that the situation will only get worse when ransoms start to get paid.

“I wouldn’t recommend it,” said Jon Van Dyke with Caffeinated Computer Consulting. “You’re paying for it. You’re paying for a crime. You’re paying for the criminal and where that money ends up, who knows?”

Van Dyke says cyberattacks occur much more frequently than anyone would care to admit. He says it’s likely a daily occurrence.

These attacks, by so-called ransomware, results in a computer or server being encrypted by the attacker.

The files are usually sent by e-mail and masquerade as legitimate attachments or links. Once the victim clicks on the link or opens the attachment, it’s all over.

Van Dyke says that one of the ways companies can protect themselves is making the decision to invest in security software and consider hiring a security analyst to expose flaws.

Both those methods don’t come cheap and that’s what could also be fueling a desire to pay ransoms to hackers.

“It’s still one-third the cost of hiring a security analyst for one year,” said Stephanie Carvin, an Ottawa security analyst. “In some ways it’s cheaper to pay ransom than increase security for a lot of these companies.”

Carvin says companies are also reticent to report the problem because of a number of reasons.

“It doesn’t look good for their reputation, secondly, it’s expensive for them to probably have to pay this ransom and, thirdly, if it’s known they do pay ransoms, they may be subject to attacks in the future.”

Students at the University of Calgary also disagree with the institution’s choice to pay up.

“Well, obviously, $20,000 is a lot,” said Niko Hill. “That money could have gone to better uses; better security in the first place.”

Ryan Garden says it never should have happened. “I think we could have spent it better for sure. We shouldn’t be negotiating with cyber terrorists.”

In light of the University of Calgary attack, other post-secondary schools are on alert with officials saying they are being extra vigilant.