Who says crime doesn’t pay? The Los Angeles Community College District forked over $28,000 worth of bitcoin after falling prey to a ransomware virus that locked officials out of the computer network, email, and voicemail systems of Los Angeles Valley College.
The virus locked the school’s systems, offering a key in exchange for the money. The cyber-attack took place over the holidays, according to a statement from the LACCD.
A district representative told Ars Technica that ransom payment was made after consultation with law enforcement, cybersecurity experts, and school leaders. They felt that doing so gave them the best chance of recovering their information. The rep confirmed that after they paid, they received a “key” that allowed them to reopen their systems and files. “The process to ‘unlock’ hundreds of thousands files [sic] will be a lengthy one, but so far, the key has worked in every attempt that has been made.
The school said that while the attack had made their information inaccessible, they did not detect any actual data breaches.
On January 1, a new California law took effect that specifically covers ransomware attacks, making it a crime to use such software. Violators can face up to four years in prison. Before this year, charges against such acts had to be pursued under extortion laws.