Around 1,800 staff and teachers were locked out of their computers at Los Angeles Valley College this week after a malicious hacker spread ransomware throughout the entire college computer system.
Administrators paid a $28,000 ransom (in bitcoins) to unlock the computers.
It was not an easy choice, but seemed to be the only one, according to the college chancellor.
“In consultation with district and college leadership, outside cybersecurity experts and law enforcement, a payment of $28,000 was made by the District,” Los Angeles Community College District (LACCD) Chancellor Francisco C. Rodriguez, in a statement on Jan. 6, 2017.
“It was the assessment of our outside cybersecurity experts that making a payment would offer an extremely high probability of restoring access to the affected systems, while failure to pay would virtually guarantee that data would be lost.”
The campus newspaper, The Valley Star, covered the story here.
The cyber attackers left a ransom note on one of the servers: “You have 7 days to send us the BItCoin after 7 days we will remove your private keys and it’s impossible to recover your files.”
After the payment was made, the key was delivered to unlock the systems.
The Los Angeles Sheriff’s Department cyber security unit is investigating the incident. A computer security firm — Crypsis Group of Virginia — was also hired to delve into the attack.
LACCD consultant Yusef Robb said there was “hundreds of thousands of files that were potentially affected and will take some time to know the scope of this.”
Ransomware has cost businesses, hospitals, government entities hundreds of millions of dollars.
According to this story from the Los Angeles Daily News, Senator Bob Hertzberg’s office was even hacked while he was writing a new bill that would allow any hacker suspected of employing ransomware to be charged with felony extortion punishable by prison sentences up to four years.” In addition to the harsher punishments, Hertzberg said law enforcement agencies need more funds to hire computer experts and the secrecy that often surrounds hacking incidents needs to be broken so that investigators can do their jobs.
According to the Los Angeles Daily News story, the legislation was prompted by the uptick in ransomware incidents:
There were “more than $200 million in ransomware payments in the first three months of last year, compared with $25 million in all of 2015, according to the FBI. Many cases go unreported. It took the Los Angeles college district five days to announce the attack.”
Hertzberg said that, in addition to stiffer punishment for offenders, law enforcement agencies need more funds to hire computer experts, while a culture of institutional secrecy about being hacked must be broken in order to aid investigators.
Are you covered for identity theft?
Image: Pixabay