Hackers are Paid a $28K Ransom from a Los Angeles college!

January 24, 2017

FoxNews reported a cyberattack locked students and faculty out of their accounts at a Los Angeles college. Shockingly, the fearless bandits were paid $28,000 from Los Angeles Valley College.

The school’s newspaper, The Valley Star, reported on Friday, January 6, 2017 that the staff and students of Los Angeles Valley College were locked out of files, emails, and messaging systems after hackers broke into the college’s servers the day before New Year’s Eve. Here’s a tweet from January, 4 when the school took to Twitter to announce the incident was being investigated:

The cyber bullies threatened and demanded the sum of $28,000 be paid or the students and staff would lose access to their important files forever.

The cyber attackers demanded the money be paid by Bitcoin and left a ransom note on the servers’ X-drives:

You have 7 days to send us the Bitcoin send us the Bitcoin send us the Bitcoin after 7 days we will remove your private keys and it’s impossible to recover your files.

They also left a tutorial on how the school can buy the cryptocurrency, access the hacker’s website, and where to buy the Bitcoins. And cleverly, the hackers sent a “demo” of the decryption of the files to the college that read,

“Check our site, you can upload two encrypted files and we will decrypt your files as demo.”

What is cryptocurrency? The preferred method for ransomware criminals were once prepaid cards and other familiar payment types. Now, they prefer cryptocurrency such as Bitcoins, which is electronic cash that is growing in popularity and is known to be popular among online drug traders and hedge fund investors.

Businesses large and small have fallen prey to hackers and their viruses and ransomware in the U.S more and more over the past few years; although, the thieves usually target small to midsized businesses with their ransomware attacks.

In an article published by Paychex, it was reported that most small businesses understand the need for data security, but many still believe hackers are interested only in phishing for big companies, and therefore may not take all the precautions that they should. Matter of fact, statistics compiled by the National Cyber Security Alliance inform us of disturbing stats of small and midsize business vulnerability:

  • Almost 50 percent of small businesses have experienced a cyber attack.
  • More than 70 percent of attacks target small businesses.
  • More than 75 percent of employees leave their computers unsecured.
  • As much as 60 percent of small and medium-sized businesses that experience a data breach go out of business after six months.

It’s more important now than ever to keep your company’s files and emails secured and backed up properly. It’s critical to find IT (Information Technology) solutions that can prevent an attack like this from ever happening. Keep reading to the end of the article to see what one IT Solutions expert advises you to do in a similar situation.

Take for example the story of Grayson Barnes here from this Time Magazine article:

Grayson Barnes had just started working at his father’s law firm in Tulsa, Oklahoma when a note popped-up on one of the computer screens. It informed him that all the files on the firm’s digital network had been encrypted and were being held ransom. If he ever wanted to access them again, he had to pay $500, in the Internet currency Bitcoin, within five days. If he didn’t, the note concluded, everything would be destroyed.

“It wasn’t just a day’s worth of work,” Barnes told TIME. “It was the entire library of documents, all the Word documents, all the Excel.”

Uncertain of what to do next, Barnes called the police and then the Federal Bureau of Investigations. Everyone he spoke to told him the same thing: there was nothing they could do.

If he paid the $500, there was no guarantee he’d get the files back, they said. But if he didn’t pay, there was no way to save the firm’s data and, because many of these sorts of cybercriminals live abroad, there’s no way for the police or the FBI to prosecute the attackers. “They said, basically, ‘Look, we can’t help you,’” Barnes said. Two days later, the firm paid up.

Source: Time Magazine

Ransomware changing with new U.S. President?

How did the victims of L.A. Valley College pay the ransom?

“We have an insurance policy, a cyber-crime and a cyber-insurance policy and that’s been activated,” said Valley College President Erika Endrijonas. The college paid the fee once it was realized it was cheaper to pay the fee in Bitcoins rather than to remove the hackers’ ransomware virus.

Philip Lieberman, a cybersecurity expert, explained to CBS Los Angeles that the school didn’t have too many options really. He said that cyber-attacks like the one Los Angeles Valley College experienced is quite common because the hackers are often based in Eastern European countries that the U.S. doesn’t do business with.

“This is, in fact, a very large, well-organized, multinational group that’s well known to the U.S. government, well known to law enforcement, but can’t be stopped until our country and their country come to an agreement on stopping it,” says cybersecurity expert Philip Lieberman.

That brings the point across whether a change in cyber security will occur as a new U.S. president takes over the White House in Washington, DC. There’s debate whether the new U.S. President, Donald Trump, can work together with these countries in order to stop this from happening.

Source: ABCNews

Trump does have relationships with countries that President Barack Obama didn’t have (and vice versa). It will be interesting to see if this changes hackers approach when attacking businesses in the Midwest and other regions of the country.

Can these types of cyberattacks from “unknown hackers” be prevented?

An IT solutions company in the Midwest has had experience with such attacks. Eric Grimes, Vice President of the IT company Midwest IT Solutions says,

“We have stopped multiple instances of Cryptolocker on our clients’ networks and helped mitigate the damage caused by these viruses with prospects. We have multiple methods of stopping these attacks based on the business’s profile.”

The ransomware Cryptolocker first appeared in 2013 when a ring based in Russia and Ukraine targeted an estimated 500,000 victims and $3 million dollars in ransom. Although this ring was taken down, soon after stronger versions of Cryptolocker have appeared and will continue to emerge.

Should I pay the ransom if I’m found in a similar situation like Los Angeles Valley College or Grayson Barnes?

“A Midwest IT client would not have needed to. A potential partner that does not have the ability to recover their data in a timely manner may be forced to. It’s worth noting that you’re dealing with criminal enterprises and not all victims who pay the ransom get their data back. You also should be aware that this can encourage more attacks as you’re labeled as a target that is willing to pay,” says Grimes.

These attacks are one of many reasons why it’s important for businesses and companies to be equipped with the proper IT help. Midwest IT Solutions uses a proprietary blend of technologies to stop such attacks that includes but is not limited to: Proper Security Fencing, Implementing Best organizational practices and user controls, Firewalls and web filtering, 3rd party antivirus solutions and custom written software to detect, analyze and stop attacks like this in a timely manner.

Midwest IT also has multiple methods to recover data in a timely manner if an attack does occur and is successful.

Why choose Midwest IT Solutions over another company that offers similar services?

“We have a broad background with dealing with these type of events and can evaluate the proper solution a business needs based on their operational goals and budget to minimize their vulnerability to such an attack. No two businesses needs are the same, and it’s our job to review and provide the proper analysis and options to protect against these types of situations.”

Midwest IT Solutions

The reality is that it’s time to make sure you are secure and safe from any such cyberattacks. By outsourcing IT you can find peace of mind by letting a proven company take over your IT needs. A company that values itself on honesty, trust and commitment. Midwest IT Solutions has over 100 years of combined experience in the technology industry!

Whether its virus protection to stop ransomware attacks, network security, spyware protection, server support, technology budgeting, email, printing, or PC support, Midwest IT Solutions offers this and more.

In addition, Midwest IT offers Managed ServicesCirrus Cloud Services, Network ConsultingWebsite Development among many other services and are a good partner for small business owners and office managers that are currently using outsourced IT, as well as for business owners with IT staff and/or IT professionals.

To see what other services Midwest IT Solutions has to offer and to request a quote visit and see for yourself. Midwest IT Solutions serves small and midsized businesses (typically a firm with 10-300 employees), insurance companies (insurance agencies), and law firms located near Chicago, IL; Milwaukee, WI; Madison, WI and everywhere in between.

It’s only a matter of time before you are the next target of a cyberattack if you’re not properly prepared, take action and partner with Midwest IT Solutions, so you can get back to growing your business instead of directing your energy to IT. Click below to see more of Midwest IT Solutions’s blogs.

Midwest IT Blog