On December 30, 2016, the Los Angeles Community College computer network was kidnapped by cyber criminals requesting a ransom for its return.
The ransomware encrypted the college’s entire network system, including email and voice mail systems. Rather than attempt to restore all of the data days before classes were to resume, on January 4, 2017, the college agreed to pay $28,000 to the hackers for the “key” to allow access to the computer systems. Once the ransom was paid, a “key” was delivered to unlock “hundreds of thousands” of files and according to a college spokesman, “…so far, the key has worked in every attempt that has been made” to retrieve the data.
The college determined with law enforcement and outside experts that there was a high likelihood of restoring the data if the ransom was paid, but a high probability that the data would be lost if the ransom wasn’t paid.
Companies, including higher educational institutions continue to grapple with the question of Ransomware: To Pay or Not to Pay? [see related post]. Until we get to the point where we are able to withstand ransomware attacks and refuse to pay the hackers, more and more companies will be victimized as it continues to be big business for cyber criminals.