In a statement sent to media outlets on Wednesday, the Los Angeles Community College District confirmed it paid $28,000 in bitcoin to the hackers in an effort to regain access to a huge number of computer files after malware locked them up at the end of December. The college said it obtained the funds from a cybersecurity insurance policy created to deal with such incidents.
District chancellor Francisco Rodriguez said the malicious cyber activity, which was detected at the end of December, “disrupted many computer, online, email, and voicemail systems” at the college.
The college said early investigations indicated no data breach had occurred, suggesting the cybercriminals were only interested in forcing a payout from the college.
Having evaluated the situation with the help of online security experts, the college concluded it had little choice but to pay the ransom. “Making a payment would offer an extremely high probability of restoring access to the affected systems, while failure to pay would virtually guarantee the data would be lost,” Rodriguez said.
Indeed, after meeting the hackers’ demands, a digital key was sent to the college that’s allowed it to start accessing its locked files, a process it says will take a long time as “hundreds of thousands” of files are involved.
The college said the authorities are currently investigating the crime, though even if the hackers are eventually identified, it’s likely little can be done if they’re located outside the country.
Ransomware payments made last year could total around $1 billion, according to the FBI, marking a massive increase on the $24 million paid to hackers in 2015. Security experts have said it’s likely that such attacks, which are usually launched via malicious email or infected websites, will increase further this year.
While it’s currently difficult to outright prevent ransomware incidents, making backups of important files is one way for unlucky victims to avoid having to hand over money demanded by hackers.
A high-profile ransomware attack in 2016 saw a Hollywood hospital pay out $17,000 to hackers in return for an access key. However, such payments don’t always solve the situation, as Kansas Heart Hospital discovered last May. After meeting hackers’ initial financial demand, the criminals only allowed partial access to files and demanded an additional payment. The hospital said it refused to pay up a second time.
