The Los Angeles Community College District paid nearly $30,000 to regain access to computer systems seized by a ransomware infection that was discovered as students showed up for the first day of classes, educators said this week.
Roughly 1,800 teachers and staff of Los Angeles Valley College found themselves unable to access campus computers Tuesday, the start of the semester, due to being targeted by what District Chancellor Francisco Rodriguez described as “malicious cyber activity,” Los Angeles Daily News reported this weekend.
College officials notified students of the incident in a campus-wide alert Wednesday, and issued a follow-up Friday that said a ransom had been paid in hopes of regaining access to the compromised computers.
“In consultation with district and college leadership, outside cybersecurity experts and law enforcement, a payment of $28,000 was made by the District,” Mr. Rodriguez said in Friday’s statement.
“It was the assessment of our outside cybersecurity experts that making a payment would offer an extremely high probability of restoring access to the affected systems, while failure to pay would virtually guarantee that data would be lost.”
The payment was made in response to instructions that appeared in a ransom note that was found on school servers this week and displayed on the screens of some affected machines, McClatchy reported.
“You have 7 days to send us the BitCoin after 7 days we will remove your private keys and it’s impossible to recover your files,” the note said, as reported first by The Valley Star campus newspaper.
“After payment was made, a ‘key’ was delivered to open access to our computer systems,” Mr. Rodriguez said in Friday’s statement. “The process to ‘unlock’ hundreds of thousands files will be a lengthy one, but so far, the key has worked in every attempt that has been made.”
The district’s decision to make payment is not uncommon among victims of similar “ransomware” attacks, an internet-enabled extortion tactic that resulted in approximately $209 million during the first three months of 2016, according to the FBI.
More recently, San Francisco’s Municipal Railway endured a ransomware infection in November 2016 that resulted in free fares for passengers after light-rail officials decided to take affected machines offline. In lieu of paying the $73,000 requested ransom, however, Muni said it suffered roughly $50,000 in lost fares.
The Los Angeles Sheriff’s Department cyber security unit as well as a private security firm, Crypsis Group of Virginia, are investigating the incident, Daily News reported Saturday.