Cyber Insurance Paid Ransom

UPDATE: Valley pays ransom with Cyber Insurance

Valley College paid a ransom of $28,000 Friday to cyber hackers who locked local file systems with encryption for the last seven days.

By Solomon Smith

As we reported yesterday (story reprinted below), cyber criminals broke into Valley College’s servers on the day before New Year’s Eve and were demanding a ransom under the threat that access to important files would be lost forever.

The college used a cyber-security insurance policy held by the Los Angeles Community College District to pay the ransom.

“We have an insurance policy, a cyber-crime and a cyber-insurance policy and that’s been activated,” said Valley College President Erika Endrijonas on Friday.

The cost of resetting the systems has also been covered by the LACCD, according to Endrijonas: “The district has set up a separate cost center to ensure that there are funds to cover everything it takes to recover, so this is a district expense.”

The college’s IT department said its priority is to restore student email, so they can communicate with students, and bring back other services in a logical manner.

Valley College Information Systems, headed by Hanh Tran, is working with the district’s Chief Information Officer, Jorge Mata, to recover essential systems.

“Things are progressing…these situations require precision and process,” Mata said. “And there are often a lot of steps where there’s no coming back, and if you pick the wrong path, there’s no return.”

When asked about the initial cause of the infection, Mata and Tran had no comment.

—ORIGINAL STORY—

Valley College is under a deadline to pay ransom or face the loss of its computer files.

By D.R. Harward and Solomon Smith

Hackers recently broke into Valley College’s servers, seizing file, email and messaging systems, and are ransoming them for almost $30,000.

The cyber attackers left the college a note on one of its servers’ X-drives, requesting the money to be paid by BitCoin.

“You have 7 days to send us the BitCoin after 7 days we will remove your private keys and it’s impossible to recover your files,” said the ransom note that appeared on the college’s servers six days ago.

The extortionists’ note details the process for payment, using point-by-point instructions. It includes specifics about how to purchase BitCoins, access their site and where to buy the cryptocurrency. Much like a new startup tech company, there is even a “demo” of the decryption stating: “Check our site, you can upload two encrypted files and we will decrypt your files as demo.”

Wednesday, the college sent text and email alerts notifying staff and students of the breach and the ensuing investigation. A link to a statement put out by Valley College President Erika Endrijonas assured students that the winter classes have not been affected, including the online classes on Canvas.

Valley is not alone in facing this sort of attack, according to the BBC. Harvard University, University of California-Berkeley and M.I.T. have been amongst a growing legion of schools victimized by ransomware recently. Ransomware first appeared in 2006 in Russia, and its effectiveness has been steadily improving ever since, according to USA Today.

According to a whitepaper from MalwareBytes Labs, about 1,500 attacks occurred in the United States in 2015 and almost 9 percent were directed at educational institutions.

But educational institutions are not the only ones dealing with the problem. The Hollywood Presbyterian Medical Center recently paid $17,000 in Bitcoin, the police department in Swansea, Mass. paid $750 to unlock their computers, and the U.S. House of Representatives has banned emails from Yahoo mail servers in response to ransomware attacks, according to the BBC.

The Valley Star contacted the president’s office, but Endrijonas was unavailable for comment.

The Valley Star contacted the president’s office, but Endijonas was unavailable for comment.

 


2 comments

  1. skaendo2016:
    agree that the story implies that an outside entity initiated their troubles and in retrospect it is almost a certainty that an employee clicked somewhere they shouldn’t have; I apologize for any confusion caused.

    You are also right about the infection route; in addition to being spread via Word documents, PDF files can infect you too. As can merely visiting an infectious website! So be cautious.

    However, I disagree with your last statement; this most certainly is a hack and hackers perpetrated it.

    Merriam Webster defines a “hacker” as:

    a person who illegally gains access to and sometimes tampers with information in a computer system

    If you consider disabling access to someone’s hard drive to be tampering, as I do, then wouldn’t you agree that what happened to Valley qualifies as a hack?

  2. The only problem that I have with your story is that 99.9% of the time your files get encrypted like this is from a “phishing” email that someone had to actually download and open via another program like MS Word or similar.

    There was very likely NOT a “hack” (as you people like to say) or any entity that penetrated your systems.
