Sudbury

Laurentian University taking steps to prevent cyber attacks

Staff and faculty at Laurentian University in Sudbury have been ordered to take emergency training to prepare for cyber warfare.
A man sitting in a studio.
Luc Roy is the chief information officer at Laurentian University in Sudbury. (Markus Schwabe/CBC)

Staff and faculty at Laurentian University in Sudbury have been ordered to take emergency training to prepare for cyber warfare.

In recent months, several universities including Laurentian, have been attacked by cyber thieves, looking to steal digital files and then hold them for ransom.

Earlier this year, the University of Calgary paid a $20,000 ransom to gain access to some of its files.

Luc Roy, the chief information officer at Laurentian University said the school receives about 6,000 spam e-mails each month.

"We've actually seen over 1,000 servers on the internet randomizing their attacks directly to Laurentian University," he said.

"[The hackers] go after three major industries, these thieves. They go after technology, but they also go after agriculture and mining, which we fit one of them."

How it works is the hackers will send an e-mail with an attachment or a link, Roy explained. If someone clicks on that link or opens the attachment, the hacker would be able to get access to the information on the computer and encrypt the files. To reverse the damage, hackers will request money in exchange for the files.

"So what [the hackers have] recognized is that universities, especially students who are doing research [and] faculty doing research, may not actually do a back-up," Roy said.

"So if they lose their data, they're more prone to pay."

Roy said Laurentian has a policy not to pay ransom to hackers, as he said people who do pay are prone to be hacked in the future. He also said 50 per cent of the time, paying the ransom doesn't work.

The university is now in the process of educating staff and faculty to properly backup their files, and avoid clicking on links or downloading files that could contain ransomware.