Crime

Daylight robbery: School hack crooks just strolled off with $28,000

By Oliver Smith 10 January 2017
Summary

Ransom payouts are setting a dangerous precedent.

For one US school the first week of 2017 was far from a relaxing start to the year, instead it’s been an epic fight against hackers who sent the school a $28,000 ransom demand.

On the 6 January is was revealed that Valley College had paid up in full, making it one of the biggest ransomware payouts ever.

While the school may have quickly regained control of its computer services, email, and thousands of file which were encrypted by the hackers and held hostage, the payment sets a rather worrying precedent.

Read more: Free rides after hackers hold San Francisco’s transport network hostage

The big business of ransomware

Valley College’s payment last week actually goes directly against the advice of both the FBI and UK Police, both of whom advise businesses and public organisations not to pay ransoms.

Paying ransoms only reinforces the business models of these criminals, and encourages to keep attacking schools, hospitals and transport networks with these attacks.

Unfortunately these cash-strapped public organisations simply don’t have the expertise to fight or manage such a sophisticated attack, and most of the time paying up is the only option to quickly and cheaply restore their files.

And, as seen in the case of Valley College, public bodies are increasingly paying for cyber-security insurance policies which cover payouts to criminals.

Because of this dynamic and the high certainty of payouts, much to the disappointment of the police, ransomware has and will continue to boom.

Read more: Gold-digging hackers will seize your smart home heating

Paying up

In November 2016 San Francisco’s entire transport network was held hostage in a similar attack where a ransom of around £56,000 was demanded.

Luckily San Francisco managed to wrestle back control of its system, a process which took three days during which residents traveled for free on the network, costing the transport network millions in lost fares – so you can see why payment might have been a ‘better’ option.

Then just this week in the UK the City of London Police’s Action Fraud group warned that scammers have been emailing British school headteachers with ransomware-laden emails, encrypting their computers and demanding up to £8,000 to unlock their files – and many will probably pay up.

That’s why ransomware is on the rise.

In 2017 it’ll be an even bigger threat to our schools, hospitals and transport networks, especially now a precedent of paying up has been set.