The Los Angeles Community College District (LACCD) agreed to pay a ransom demand of $28,000 to crooks who managed to infect the computer network of the Los Angeles Valley College (LAVC) with ransomware.
According to LACCD officials, the infection took place on Friday, December 30, 2016, just days before the new year.
School and district officials didn't reveal the type of ransomware that infected their network but based on a summary of events the district officials released online, the infection appears to have spread to their entire network, affecting several services, such as faculty and staff email servers, voicemail services, and more.
Attackers gave the school a week to pay the ransom. LACCD announced last Friday, January 6, 2017, that they've agreed to pay the ransom demand to quickly recover access to their systems and data.
The District might have had their hand forced by the fact that classes resumed on Tuesday, January 3, with the start of the winter session.
Officials used funds from a cybersecurity insurance policy to pay the ransom. After making the payment, LAVC staffers received a decryption key from the crooks who hijacked the school's network.
LAVC officials said the decryption key worked as expected and the school's IT staff is currently slowly unlocking encrypted files and restoring service to computers, one at a time.
To date, the school paid one of the largest ransomware demands to date. Until now, one of the most substantial ransomware payment that was made public was the one paid by the Lansing Board of Water & Light in Michigan, who agreed to pay $25,000 to unlock computers hijacked by ransomware.
Other educational institutions that paid ransomware demands include the University of Calgary, who paid $15,000, and the Horry County School District, who paid $8,500 to recover from a ransomware infection.
In September, California approved a bill that would make the distribution of ransomware a standalone crime, which makes prosecution of such activities much easier. Under the new law, which went into effect on January 1, 2017, a person engaged in ransomware will be convicted of a felony and could be imprisoned up to four years.