They’ve robbed the hospitals, and now they’re coming for the universities. In the latest example of a frightening trend in cyber crime, attackers used software to capture email accounts at a higher-learning institution, releasing them only after the school paid a ransom.
The victim was the University of Calgary, a major research center, that acknowledged on Tuesday it paid $20,000 CDN (about $16,000) to recover emails that been encrypted for a week. The school said it does not know the identity or location of the attackers, but that it recognized the nature of the attack upon receiving a ransom note.
An official told the CBC that the school had received decryption keys in return for the payment, and that it has been able to use the keys to unlock email accounts.
This is a common scenario in ransomware attacks in which criminals seize an institution’s files or email accounts, and basically freeze them until the target pays up. If the victim does not pay, or if the attacker does honor the promise to supply decryption keys, the affected computer system remain inaccessible and worthless.
The most notorious example of a ransomware attack took place in March when criminals locked down the computers of a Los Angeles hospital, including patient data, until the hospital paid $17,000.
Get Data Sheet, Fortune’s technology newsletter.
While an attack on university computers may not represent the same sort of life-or-death threat as those of a hospital, the official at the Calgary school explained why the stakes were so high.
“[B]ecause we do world-class research here … we did not want to be in a position that we had exhausted the option to get people’s potential life work back in the future if they came today and said, ‘I’m encrypted, I can’t get my files,'” said the official in a statement cited by the CBC.
While there have been reports of cyber criminals deploying ransomware against a growing variety of institutions, including schools and power grids, the University of Calgary attack appears to be the first time a university has publicly acknowledged being hit by such an attack.
The ransomware attacks have proliferated in part because the technology for deploying them has become cheaper and more widely accessible on the so-called dark web.
While such attacks are potentially devastating, there are steps institutions can take to avert them. As my colleague Robert Hackett explained last month, an Illinois health organization had its files seized by ransomware but ultimately chose not to pay the attacker. The reason was because one of its executives recalled the health provider had used a backup software service called Exablox (there are other such companies with names like code42 and Zerto), which meant it had outside copies of all its valuable data.