In the wake of a ransomware attack that compromised the personal data of 28,000 individuals, Hawaii Community College has confirmed its acquiescence to the hackers’ demands. The college, in a public statement on the University of Hawaii’s website, admitted to the “difficult decision” of engaging in negotiations with the cybercriminals. The looming threat of the stolen data being made public was a significant factor in this decision.
The University of Hawaii has reportedly reached an agreement with the cybercriminals, suspected to be from the NoEscape ransomware group. The agreement stipulates the destruction of the illegally obtained information. Meanwhile, the college is in the process of restoring its network, a task expected to be completed by mid-August. The decision to pay a ransom in such situations is a contentious issue.
While it is evident that succumbing to ransom demands emboldens cybercriminals to perpetrate more attacks, it’s also crucial to consider the pressure on the victims of ransomware. The refusal to pay could potentially expose sensitive information of employees, partners, and the public, and even jeopardize the organization’s future. There are instances, albeit rare, where companies have collapsed after falling victim to ransomware, leading to job losses for innocent employees.
Sometimes, a pragmatic decision is necessary, even if it means dealing with cybercriminals, which is undeniably distasteful. The college is reaching out to the 28,000 affected individuals, comprising current and former students and employees, informing them about the security breach. They are also being offered credit monitoring and identity theft protection services. The University of Hawaii maintains that the ransomware attack only impacted Hawaii Community College among its campuses. For more exclusive content on this matter, follow Graham Cluley on Twitter or Mastodon.