Ransomware was behind cyberattack on MUN's Grenfell campus, confirms president
No data was compromised in the attack, says Neil Bose
Memorial University has confirmed that the cyberattack that hit its Grenfell Campus in Corner Brook in December involved ransomware.
The Dec. 29 attack, MUN president Neil Bose told CBC News on Wednesday, encrypted the data on Grenfell's servers and locked out users. Classes were delayed by a week as a result of the attack.
Bose said forensic work done by the university's information technology and external teams, as well as collaboration with the Canadian Centre for Cyber Security, shows no data was compromised. The Grenfell servers are separate from servers in St. John's, both at the main university campus and at the Marine Institute, he added.
"The affected damage was no one could access anything, and none of the data was accessible to us," Bose said Wednesday.
"As soon as it was identified that it was a cyberattack and that data was unavailable … we then took direction from the cybersecurity experts to take us through how to respond, what we should do and so on and so forth. And it's been pretty intense since then, actually."
Ransomware is a type of malicious software designed to block access to a computer system or server until money is paid in order to regain access. Ransomware groups often gain access to servers through tactics like links sent in emails. In some instances, unsuspecting people click a link because the person initiating the attack is masquerading as an official or colleague.
The university told CBC News in an emailed statement that they can't discuss the ransom, as doing so could affect the investigation.
MUN officials were quiet in the days following the attack. Bose said Wednesday the university didn't want to compromise any information in the early days of the investigation.
Sheldon Handcock, an information technology expert based in Gander, speaking to CBC News before MUN agreed to an interview, said the university's initial approach is common practice among affected parties while they investigate attacks and try to shore up potential weaknesses.
The Newfoundland and Labrador government adopted a similar approach after a ransomware attack that affected the provincial health-care system in 2021, when then health minister John Haggie said commenting on the attack could disrupt the investigation.
Bose said elements of the Grenfell server are slowly coming back online and efforts are underway to improve the system. Email systems are up and running, he said, but restoring Internet access in some laboratories is taking longer than anticipated.
"The new system at Grenfell will look somewhat different from the old system in some ways. It's not just a question of, you know, switching the switch and going back to what it was, partly because we have to take the advice of our cybersecurity experts to make sure that what we have going forward is … even more strong than it was," he said.
"We have been planning a process of consolidation of [the three] networks, partly to improve the security aspects of our outreach."
The president of MUN's faculty association, Josh Lepawsky, suggested recently that institutional funding cuts may have had something to do with the cyberattack. Bose dismissed Lepawsky's speculation Wednesday, saying MUN has always prioritized its IT systems.
Download our free CBC News app to sign up for push alerts for CBC Newfoundland and Labrador. Click here to visit our landing page.
With files from Jessica Singer and CBC Newfoundland Morning