"In consultation with district and college leadership, outside cybersecurity experts and law enforcement, a payment was made by the District. It was the assessment of our outside cybersecurity experts that making a payment would offer an extremely high probability of restoring access to the affected systems, while failure to pay would virtually guarantee that data would be lost."
"You have 7 days to send us the BitCoin after 7 days we will remove your private keys and it’s impossible to recover your files."As of this writing, it's unclear who the actors were behind the attack or what ransomware they used to target LAVC. Fortunately, the infection did not affect winter classes at the educational institution. There's also no evidence to suggest the computer criminals stole or abused the sensitive information of staff, faculty, and students. LAVC used their digital security insurance policy to pay the attackers. It makes clear in its update that doing so has thus far helped it recover its data:
"After payment was made, a 'key' was delivered to open access to our computer systems. The process to 'unlock' hundreds of thousands files will be a lengthy one, but so far, the key has worked in every attempt that has been made."The school's lucky. Ransomware authors are under no obligation to hand over a decryption key. And even if they do stay true to their word, coding errors in their software could prevent the decryption key from working for a victim. With that said, organizations should work towards preventing a ransomware infection by following these strategies. They should also never pay the ransomware authors unless it's their last resort. Here's what they should do before they make that decision.