The Los Angeles Community College District paid a $28,000 ransom in bitcoin last week to hackers who took control of a campus email and computer network until a payment was made.

The malicious cyberattack was detected at Los Angeles Valley College on Dec. 30 after a virus locked the campus’ computer network as well as its email and voicemail systems, Chancellor Francisco C. Rodriguez said in a statement.

After consulting with the college’s information technology staff, cybersecurity experts and law enforcement, the district paid the ransom on Jan. 4, a day after classes started, according to district officials. The district has a cybersecurity insurance policy that has been activated and covers such attacks.

“It was the assessment of our outside cybersecurity experts that making a payment would offer an extremely high probability of restoring access to the affected systems, while failure to pay would virtually guarantee that data would be lost,” he said. “After payment was made, a ‘key’ was delivered to open access to our computer systems. The process to ‘unlock’ hundreds of thousands of files will be a lengthy one, but so far, the key has worked in every attempt that has been made.”


The campus’ website, email and voicemail were restored the following day, according to district spokesman Yusef Robb. Classes started as scheduled on Jan. 3 for winter session and have continued to be held.

The district is still unlocking individual files, he said.

Investigators believe the unidentified hackers used ransomware, a type of computer virus, to hijack the campus’ computer system and take control of it until a payment was made, said Capt. Rod Armalin of the Los Angeles County Sheriff’s Department’s Community College Bureau. The Sheriff’s Department began investigating the attack the next day.

Armalin said the Sheriff’s Department did not discuss with the district whether the ransom should be paid.


“We would not recommend either way,” he said.

The Valley Glen campus, according to officials, was randomly targeted.

Although the investigation is ongoing, it appears no data were breached during the attack, according to the district.

The Sheriff’s Department’s Fraud and Cyber Crimes Bureau is working on training the district’s nine campuses in online security, Armalin said.


Phil Lieberman, a cybersecurity expert, said attacks such as the one at Los Angeles Valley College are common among companies and government agencies that use the Internet.

“The attacks generally come out of Eastern Europe and cannot be stopped because the United States does not have pacts with the countries where the attacks are launched,” he said.

Ransomware is usually delivered via email or through an infected website and immediately locks a computer system, Lieberman said. After a payment is received, hackers provide an “unlock code.”

Finding the hackers isn’t the hard part, he said.


The problem, according to Lieberman, is that “the U.S. government has no way to stop them, since the governments of the countries that launch this are uncooperative and in fact benefit from the criminal activity going on within their borders.”

The low-cost attacks are successful for hackers, he said. Hackers usually come up with their own scheme to get victims to click and download a virus.

“Companies do generally pay out if they do not have backups of their data and the data has value,” Lieberman said.

A similar attack disabled computer systems at Hollywood Presbyterian Medical Center in February. Hackers gained control of the hospital’s system and demanded 40 bitcoin, at the time the equivalent of about $17,000.


The hospital paid the ransom to free and regain control of its infected computer system.

veronica.rocha@latimes.com

For breaking news in California, follow @VeronicaRochaLA on Twitter.

ALSO


A year in, L.A. Unified’s insider superintendent has made no big waves

UCLA professor sanctioned over sexual misconduct allegations returns to teaching, sparking protests

USC taps diversity expert to run new research center on race and equity


UPDATES:

3:25 p.m.: This article was updated with details about the ransom being paid on Jan. 4 and information on the systems that have been restored.

This article was originally published at 11:45 a.m.