Cyber Incident Victim: Carleton University
Date: Nov 2016
Location: Canada
Summary
Carleton University in Ontario experienced a ransomware attack disrupting critical systems, including email, network drives, and its student portal. The infection primarily targeted Windows machines, prompting initial advisories for students to avoid network access until remediation efforts restored safe login conditions. Attackers demanded 39 Bitcoin as ransom, but the institution declined payment, relying on backups for recovery while instructing affected individuals to ignore extortion messages and report them to IT support.
Description
On November 29, 2016, Carleton University in Ontario, Canada, experienced a ransomware attack that disrupted critical campus systems. The infection began on Tuesday, targeting Windows-based machines and causing widespread operational failures. The university’s IT department confirmed outages affecting email services, network drives, and the central student portal, which hindered academic and administrative functions. Students using Windows PCs were instructed to avoid network access to prevent further spread of the malware. A university spokesperson publicly identified the incident as ransomware by Tuesday afternoon but could not initially estimate a resolution timeline. The university declared the network safe for reconnection that day, while restoration efforts remained ongoing.

The attackers demanded a ransom of 39 Bitcoin (approximately $28,495 USD or $38,274 CAD) to unlock encrypted systems. Carleton University explicitly refused payment and initiated recovery procedures using internal backups. IT staff advised the campus community to disregard all ransom messages displayed on infected devices and to report such alerts to the CCS Help Desk. This response contrasted with the University of Calgary’s decision in June of that year to pay a five-figure ransom after a similar attack, a precedent the article suggested might have influenced the targeting of Canadian educational institutions. Carleton’s restoration prioritized core services, though the full duration of recovery operations was unspecified at the time of reporting. The incident highlighted immediate disruptions to academic operations and underscored institutional reliance on backup systems to mitigate extortion attempts.
