No chance of data retrieval, experts say
A Los Angeles school has made a whopping US$28,000 ransomware payment after hackers raided its network.
Attackers had encrypted enough to ruin computer services, email, and messaging at the Los Angeles Community College District.
The school paid the bitcoin ransom after learning it had no other alternatives by way of backups or free decryption methods.
Attackers of unknown origin encrypted hundreds of thousands of files on New Year’s Eve, affecting much of the campus’ 1,800 staff and 20,000 students.
The campus newspaper The Valley Star said a note was left on a school server stating that admins had “7 days to send us the BitCoin (sic) after 7 days we will remove your private keys and it’s (sic) impossible to recover your files”.
“It was the assessment of our outside cybersecurity experts that making a payment would offer an extremely high probability of restoring access to the affected systems, while failure to pay would virtually guarantee that data would be lost,” the school wrote in a report [PDF] on the incident.
It is unaware of any other compromise of student data beyond the attack, but says the investigation is complex and evolving.
It is one of the highest publicly-known ransomware demands to be paid, but is not exceptional among private quiet attacks, sources tell Vulture South.
Ransomware designers who spread their wares risk having their work reverse-engineered by white hat security researchers who exploit encryption implementation flaws to offer the public means to decrypt files for free.
Such work is now formalised under the lauded No More Ransom Alliance, which unifies a formerly scattered and siloed, but furious, effort by malware researchers to lay ruin to scores of ransomware variants.
MongoDB administrators are the latest victims of meddling ransom web scum, with tens of thousands of exposed databases being wiped by attackers demanding around $200 for the return of the stolen information.
Bootnote: This writer has argued that paying ransoms is a legitimate, if unfortunate, last response to ransomware; cries from law enforcement that payments mean shoring up criminal business models are not the primary concern of administrators. ®