LOS ANGELES – Los Angeles Valley College paid hackers $28,000 in bitcoins to regain control of the school’s computer system after 1,800 administrators and faculty were locked out of their computers for a week.
Valley College officials announced the cyber attack last Wednesday, five days after hackers froze the system with a ransomware virus and demanded money to regain access, the Los Angeles Daily News reports.
The extortionists left a note on the college’s server with a deadline for payment, and promised that all of the school’s computer files would be permanently lost if officials did not comply.
“You have 7 days to send us the BitCoin after 7 days we will remove your private keys and it’s impossible to recover your files,” the message read.
The Valley Star reports:
The extortionists’ note details the process for payment, using point-by-point instructions. It includes specifics about how to purchase BitCoins, access their site and where to buy the cryptocurrency. Much like a new start up tech company, there is even a “demo” of the decryption stating: “Check our site, you can upload two encrypted files and we will decrypt your files as demo.”
College officials launched an investigation, but ultimately paid the ransom on Wednesday. They received a “key” to regain access, but expect it will take weeks to unlock all campus computers and assess any damage to the system.
“In consultation with district and college leadership, outside cybersecurity experts and law enforcement, a payment of $28,000 was made by the District,” Los Angeles Community College District Chancellor Francisco C. Rodriguez wrote in a statement on Friday, according to the Daily News.
“It was the assessment of our outside cybersecurity experts that making a payment would offer extremely high probability of restoring access to the affected systems, while failure to pay would virtually guarantee that data would be lost.”
The incident follows similar ransomware attacks in California and elsewhere, including an attack on the Hollywood Presbyterian Medical Center last February that resulted in a $17,000 payment to regain access, as well as an attack on the San Francisco transit system for $73,000, though that attempt was unsuccessful, the Daily News reports.
The FBI reports that more than $200 million in ransomware payments were made during the first three months of 2016, a significant jump from $25 million total in 2015.
“Harvard University, University of California-Berkeley and M.I.T. have been amongst a growing legion of schools victimized by ransomware recently,” the Valley Star reports. “According to a whitepaper from MalwareBytes Labs about 1,500 attacks occurred in the United States in 2015 and almost 9 percent were directed at educational institutions.”
In many cases, officials simply pay the ransom and do not report the breach to avoid embarrassment, though a new California law allows prosecutors to charge hackers who deploy ransomware with felony extortion, punishable by up to four years in prison.
“This stuff is happening everywhere,” California state Sen. Bob Hertzberg, author of the new law, told the Daily News. “My office was hacked while I wrote a ransomware bill. It’s costing billions of dollars.
“If you’re in government, you’re afraid of looking bad. If you’re at Valley College, you don’t want to admit you have a problem.”
The Valley College attack is now under investigation by the Los Angeles Sheriff’s Department’s cyber security team.
The attack also cost the college much more than the $28,000 ransom, as officials hired The Crypsis Group of Virginia to investigate the incident, though the cost of that contract is unknown, according to the news site.
“It’s still very early in the investigation,” LACCD consultant Yusef Robb said. “The first task was to make sure classes were up and running and that data could be recovered.
“There were hundreds of thousands of files that were potentially affected and will take some time to know the scope of this.”
It’s unclear how much, if any, of the cost for the ransom and follow-up work is covered by the district’s cybersecurity insurance policy, the Daily News reports.