A Los Angeles school has paid a whopping $28,000 to regain access to key systems after being hit by a ransomware attack, as reports resurface that $1 billion may have been generated from such scams in 2016.
Los Angeles Valley College spotted the infection on 30 December, and decided to pay up in Bitcoin on 4 January, a day after it reopened for 2017, after consulting law enforcement and third party experts.
“It was the assessment of our outside cybersecurity experts that making a payment would offer an extremely high probability of restoring access to the affected systems, while failure to pay would virtually guarantee that data would be lost,” said chancellor Francisco Rodriguez, in a statement seen by the LA Times.
“After payment was made, a ‘key’ was delivered to open access to our computer systems. The process to ‘unlock’ hundreds of thousands of files will be a lengthy one, but so far, the key has worked in every attempt that has been made.”
The incident illustrates the high fees cybercriminals are now demanding from ransomware victims.
Lieberman Software VP of product strategy, Jonathan Sander, said it also shows the importance of backing up, which the school had not done adequately.
"Ransomware is not an act of God. In most cases it can be prevented by being careful with email and phishing attacks or remediated by having good backups. You have to pay ransomware attackers when you have no way to get back the data they lock up,” he argued.
“If you had a backup of that data that was not hit by the ransomware, then you restore that and go on with life. Of course, to maintain good backups an organization needs good IT staff and equipment. Neither is free. Schools, especially big city schools, don't tend to have the money for that.”
The news comes as reports re-emerged of the FBI predicting a $1 billion ransomware windfall for cybercriminals in 2016.
There have been no such official updates from the FBI since it made the prediction back in April, although separate unnamed sources have confirmed the figure.