LA Valley College Pays Hackers To End Ransomware AttackBy Emily Marks, UniversityHerald Reporter
Los Angeles Valley College has paid $28,000 to hackers in order to end the ransomware attack on its computer network. Officials confirmed that the cyber-payment was sent using bitcoins.
ABC7 Los Angeles reported that the cyber-attack disrupted the school's online, email, financial aid and voicemail systems. It also locked out over 1,500 students and teachers from their computers.
The hack happened on Dec. 30. It compromised the data of 20,000 students.
LA Valley College officials paid the cyber-ransom of $28,000 in bitcoins to unlock the ransomware. They decided to pay because paying the ransom was cheaper than removing the virus.
After the ransom was paid, the hackers gave the school a key to re-open access to its data. The school has confirmed that, so far, no data breach has been identified. Moreover, it seems that LA Valley College had been randomly targeted.
College president Erika Endrijonas admitted that the officials of the school consulted with the cybersecurity experts before they went through with paying the ransom. One of the major factors that they took into consideration was how the locked computers affected its students, faculty and staff.
According to the school newspaper, The Valley Star, the college was able to pay the ransom using its cyber-security insurance policy held by the Los Angeles Community College District. LACCD has also shouldered the cost of resetting the systems.
LA Valley College's IT department has said that it is prioritizing the restoration of student email in order for the administration to communicate with students. They are also slowly bringing back other services.
Speaking to CBS Local, Philip Lieberman, a cyber-security expert and CEO of Lieberman Software Corporation, said that this type of cyber-attack happens all the time. He noted that attackers are usually based in Eastern Europe and they are attacking the U.S. because our government does not have pacts with those nations about the prosecution of cyber-attacks.