The Washington Post

This college just paid a $28,000 ransom, in bitcoin, to cyberattackers

Los Angeles Valley College. (Photo by Jamie Holladay-Collins/LAVC)

The cyberattack struck Los Angeles Valley College late last month, disrupting email, voice mail and computer systems at the public community college in Southern California. Then, school officials found a ransom note.

The missive advised the college that its electronic files had been encrypted and that the files could only be unlocked with a “private key.” The attackers would supply the key after receiving payment in the valuable digital currency known as bitcoin, which can be used anonymously without a centralized bank.

“You have just 7 days to send us the BitCoin after 7 days we will remove your private keys and it’s impossible to recover your files,” the attackers warned, according to a copy of the note obtained by The Washington Post.

Leaders of the Los Angeles Community College District decided to pay the ransom.

“In consultation with district and college leadership, outside cybersecurity experts and law enforcement, a payment of $28,000 was made by the District,” Francisco C. Rodriguez, the district’s chancellor, said in a statement on Jan. 6. “It was the assessment of our outside cybersecurity experts that making a payment would offer an extremely high probability of restoring access to the affected systems, while failure to pay would virtually guarantee that data would be lost.”

District officials report that the payment yielded the desired information. Email and other information systems were back in working order as Los Angeles authorities investigated what officials believe was a randomly targeted attack. As of Thursday evening, IT experts were still working to unlock some of the college’s files.

Classes were proceeding normally, on campus and online, officials said. Students returned from winter break on Jan. 3, as scheduled, days after the attack was detected on Dec. 30.

The incident at the 19,000-student community college provides another cautionary tale of the vulnerability of higher education to malicious hackers. Like businesses, colleges and universities are in a continual quest to stay a step ahead of attackers who threaten in numerous ways to breach or disrupt critical databases and networks.

The Privacy Rights Clearinghouse counts 19 educational institutions that disclosed data-security breaches in 2016, including hacking episodes at the University of Virginia, the University of Central Florida, the University of Connecticut and Michigan State University.

Now colleges and other institutions face the rising threat of ransom seekers. The term “ransomware” has been coined to describe software that can infiltrate a computer and block access to files when an unsuspecting user clicks on a malicious download link in an email or a pop-up window.

Hollywood Presbyterian Medical Center in Southern California acknowledged paying a $17,000 ransom last year to regain control of its systems after an attack.

“Ransomware has rapidly risen, from my perspective, to be one of the foremost threats we’re facing in information technology, anywhere, let alone in higher ed,” said Joseph Moreau, vice chancellor of technology at Foothill-De Anza Community College District in Silicon Valley.

Moreau, who serves on the board of directors of Educause, a nonprofit group focused on information technology in higher education, said he found the latest Los Angeles incident “frightening.” Word of the attack spread quickly through California’s large community college system, he said.

“It was big news, for sure,” he said. Staying ahead of hackers is difficult, he said, especially if they are able to steal the user names and passwords of students or staff. “We’re constantly plugging new holes,” Moreau said.

Moreau said his district, like its counterpart in Los Angeles, is insured against losses due to cyberattacks. Los Angeles district officials noted that their insurance policy was activated after the recent attack.

“While much time will pass before this matter is resolved, we have already availed ourselves of the resources provided by the policy, including assistance of cybersecurity experts,” district officials said in a statement.