A school based in Los Angeles has been forced to pay $28,000 in bitcoin after cybercriminals successfully infected its computer networks, email systems and voicemail lines with ransomware.
The Los Angeles Valley College (LAVC), part of the Los Angeles Community College District (LACCD), cashed in a cybersecurity insurance policy to pay the ransom. The malware infection, which hit just before New Year's Eve, is now being probed by law enforcement.
According to student media outlet the Valley Star, the hackers, whose identity remains unknown, left a note on the college servers that said: "You have 7 days to send us the bitcoin after 7 days we will remove your private keys and it's impossible to recover your files."
As in most ransomware attacks of this nature, the culprits left step-by-step instructions on how to submit the funds. "Check our site, you can upload two encrypted files and we will decrypt your files as demo," the cybercriminals reportedly teased.
In the latest statement, LAVC president Erika Endrijonas said external cybersecurity experts made the call to make the payment, assessing that doing so would offer a "high probability" of restoring access to the systems, while failure to pay would "virtually guarantee that data would be lost."
"The district has a cybersecurity insurance policy to address these specific types of cyber intrusions and it was activated during this incident," she added.
Endrijonas said that after payment was made, the hacker handed over the "key" so the campus could regain control over the disrupted networks. "The process to 'unlock' hundreds of thousands of files will be a lengthy one, but so far, the key has worked in every attempt that has been made," she noted.
LAVC officials maintain that no data breach was identified, but said the "complex investigation" remains in its early stages.
Troy Hunt, the founder of breach notification website Have I Been Pwned, told IBTimes UK: "The biggest problem we're facing with ransomware is that the Return on Investment (RoI) justifies paying it.
"As much as we'd like to take the moral high ground on this, when you're faced with the dilemma of either paying a sum of money up front or losing an untold number of valuable files, the business justification for paying the money starts to look pretty good.
"That the criminals involved do actually tend to release the ransomed files only makes the situation worse in terms of organisations justifying paying the ransom."
Over the past 12 months ransomware has not been limited to schools, also hitting hospitals, business owners and the general public. In February, a Los Angeles hospital paid a $17,000 bitcoin ransom after its critical medical systems were infected with the notorious 'Locky' malware.
More recently, in October last year, three UK hospitals – the Diana Princess of Wales in Grimsby, Scunthorpe General and Goole and District – were hit with ransomware that forced the institutions to declare a major incident and cancel a slew of appointments.