304 computers were infected, affecting over three thousand students
Information Services and Technology teams were responding to reports of computer issues in some classrooms and labs on Nov. 22, 2016. In their response, the teams soon discovered malware on some of the classroom and lab computers.
A statement released by the University of Alberta revealed that 304 computers, 20 classrooms and 3323 individuals were affected.
Criminal charges have been laid by the Edmonton Police Service. An Edmonton Journal report on the story revealed that University of Alberta student Yibin Xu, 19, has been charged.
The charges include mischief in relation to computer data, unauthorized use of computer services, fraudulently intercepting functions of a computer system, and use of a computer system with intent to commit an offence.
To deal with the threat, Gordie Mah, Chief Information Security Officer for the University of Alberta, invoked the “computer response protocol,” which includes the following standard incident response protocol:
Containment to ensure that the immediate and imminent risk is contained and addressed. This includes eradication of the threat and exposure, forensic analysis of the affected machines, and developing the needed monitoring and detection. Mah said that this is to ensure that there is no further spread and also to identify those that are potentially at risk.
The scale and type of attack are firsts for Mah. “It is the first time the university has been hit with this particular type of attack and the first one of this scale.”
Mah said that universities make an attractive target, adding that “it stands to reason that universities will be targets because, for example, at the University of Alberta, apart from its people, information is the most critical asset and so it stands to reason that information will be targeted.”
According to CBC News, in 2016 the University of Calgary was hit with a ransomware attack. Similarly, the Ottawa Citizen reports that Carleton University was also hit with a ransomware attack in late 2016.
Mah affirmed that the only individuals affected were the ones who logged on to the affected computers, which were located in the classrooms and labs in the Cameron Library, the Centennial Centre for Interdisciplinary Science and the Computing Science Center.