The Los Angeles Community College District (LACCD) has confirmed a payment of $28,000 in bitcoin toward cybercriminals wielding ransomware. The Los Angeles Valley College (LAVC) was targeted by the extortionists, who successfully encrypted the college’s email systems, voicemail and computer networks.
First detected on December 30, 2016, the attackers forced a week-long deadline to pay the ransom. According to independent student newspaper The Valley Star, a ransom note appeared on a compromised college server and it simply read:
You have 7 days to send us the Bitcoin after 7 days we will remove your private keys and it’s impossible to recover your files.
The ransom note also detailed step-by-step instructions on how to purchase bitcoins along with the process for turning in the payment.
With the college’s winter classes due to begin on January 3rd, District administration promptly reached out to consult with external cybersecurity experts beyond its own IT staff and law enforcement.
In a statement to media outlets, LACCD Chancellor Francisco C. Rodriguez confirmed that a payment of $28,000 was made by the District toward the hackers.
In consultation with district and college leadership, outside cybsersecurity experts and law enforcement, a payment of $28,000 was made by the District. IT was the assessment of our outside cybersecurity experts that making a payment would offer an extremely high probability of restoring access to the affected systems, while failure to pay would virtually guarantee that data would be lost.
Interestingly, the administration was prepared for such an incident, having activated a cybersecurity insurance policy that was in place to avail the resources provided by the policy, which included the assistance of cybersecurity experts.
“We have an insurance policy, a cyber-crime and a cyber-insurance policy and that’s been activated” stated college President Erika Endrijonas.
A decryption key was delivered following the payment, one which was used to “unlock” hundreds of thousands of files in a lengthy process, the press statement confirmed.
According to the FBI, ransomware payments totalled an estimated billion dollars in 2016, a meteoric rise from the $245 million paid in 2015. Those numbers are contested by a cybersecurity industry report which claims that ransomware developers and peddlers took in over $300 million in 2015 alone. Abused by cybercriminals, bitcoin continues to be linked to ransomware as the extortionists chosen method of payments.
The latest high-profile case of extortion via ransomware comes within months of another incident in California that saw San Francisco’s metro system targeted with over 2000 computers compromised. Unlike the Valley College, however, the public transit agency refused to pay the 100-bitcoin ransom (worth $73,000 at the time) by restoring an earlier backup of the data.
Soon after, a Canadian university was also targeted in a ransomware operation, leading to its IT department to ask students to stay off its wireless internet networks while recommending that all users with Windows systems turn off their computers. It is yet unknown if the university made a ransom payment of 39 bitcoins following the attack.
The LACCD’s $28,000 payment in bitcoin is among the highest publicly-revealed ransom fees yet. In February 2016, the Hollywood Presbyterian Medical Center paid $17,000 in bitcoin to recover its files following the compromise of a server in January. Hospital operations were disrupted significantly, enough for its administration to declare an emergency.
Images from Shutterstock.