Hawaii Community College recently admitted to paying a ransom following a ransomware attack that resulted in the theft of personal information belonging to 28,000 individuals. The college made the difficult decision to negotiate with the cybercriminals in order to prevent the public posting of stolen data. The University of Hawaii, which oversees the college, has reached an agreement with the attackers to destroy the illegally-obtained information. The university is currently working on restoring its network, with completion expected by mid-August. While paying ransoms may encourage more attacks, organizations often feel they have no other choice, as refusing to pay puts sensitive information and the future of the organization at risk. In this case, 28,000 affected individuals are being contacted and offered credit monitoring and identity theft protection services.
The debate surrounding whether or not organizations should pay ransoms in response to ransomware attacks is a divisive one. While it is clear that paying a ransom can incentivize cybercriminals to continue their attacks, it is important to consider the perspective of the organizations affected. Refusing to pay not only puts the personal information of employees, partners, and the public at risk of being released, but it can also jeopardize the future of the organization itself. While rare, there have been instances where companies have gone bankrupt as a result of ransomware attacks, leading innocent people to lose their livelihoods. In such cases, a pragmatic decision must be made, even if it leaves a bitter taste.
As a result of the ransomware attack on Hawaii Community College, approximately 28,000 current and former students and employees are being contacted and offered credit monitoring and identity theft protection services. The University of Hawaii believes that only the Hawaii Community College campus was impacted by the attack, sparing its other campuses from the breach.
To conclude, the decision to pay a ransom in the face of a ransomware attack is a complex one. While it may encourage future attacks, some organizations may feel that it is the least worst option to protect sensitive information and ensure the continuation of their operations. In this case, Hawaii Community College made the difficult decision to negotiate with cybercriminals to prevent the public posting of stolen data. The University of Hawaii is actively working on restoring its network and expects to complete the process by mid-August.
