Hackers Strike College, Demand $2 Million Ransom in Mobile Payments Tool Bitcoin

July 15, 2019         By: Steven Anderson

We don’t usually hear much news about schools, what with this being summer and all, and most schools are shuttered except for the abbreviated schedules of those engaged in summer classes. One school made some serious news today, thanks in part to a mobile payments platform that’s brought with it its share of controversy and then some: hackers recently hit the Monroe College computer system, launching a ransomware attack that brought with it a major demand: $2 million, payable in bitcoin.

The attack struck at 6:45 on Wednesday morning, reports note, and word only got out a while thereafter. Once inside the system, the hackers shut down much of it, demanding 170 bitcoin to unlock the system and bring everything back to normal. That comes out to about $1.962 million as of this writing, and given the downright mercurial nature of bitcoin these days, may only be worth about $170 by the time it’s actually paid.

The NYPD, meanwhile, is treating this as “…a grand larceny committed by extortion,” and is investigating appropriately.

As for the college, it’s not taking things lying down. A rep for the college noted “We are, in fact, under cyberattack. A lot of our systems are being held — we do not have access at the moment. We are obviously taking this very seriously … but we’ve rolled up our sleeves. Monroe was founded in 1933, and what that means is we know how to teach the old-fashioned way.”

Once again we get a prime example of one of the greatest points in cybersecurity that ever directly connected to mobile payments: keep offline backups. Whether it’s a cloud-based backup service, or an air-gapped storage operation on-site, or even both at once, it doesn’t matter. You pull the teeth from ransomware by making it easy to recover from, not by paying thugs millions to get back what you should have had all along.

It’s also an indisputable black eye to the cryptocurrency concept, and one that didn’t need anymore. This is still one of the best means around to accomplish cross-border mobile payments, and being treated as the instrument of cyber low-lifes does it a great disservice.