Hawaii Community College admits paying ransom to extortionists

Hawaii Community College admits paying ransom to extortionists

After a ransomware attack which saw the personal information of 28,000 individuals stolen by hackers, Hawaii Community College has confirmed that it has paid a ransom.

In a statement published on the University of Hawaii website, the college said that it had made the “difficult decision” to negotiate with the cybercriminals because of the likelihood that stolen personal data would be publicly posted if a ransom was not paid.

The University of Hawaii says that it has now reached an agreement with the cybercriminals (believed to be from the NoEscape ransomware group) that the illegally-obtained information would be destroyed, and continues to work on restoring its network which it expects to complete by mid-August.

Sign up to our free newsletter.
Security news, advice, and tips.

There are divided opinions as to whether ransoms should be paid by organisations hit by a ransomware attack. Although it’s clear that paying a ransom will encourage cybercriminals to launch more attacks, I believe we should also remember that those hit by ransom may feel that they have no other option.

After all, if you don’t pay a ransom demand you are not only risking that the sensitive information of employees, partners, and the public will be released into the wild (at no fault of their own), but you could also be risking the very future of your organisation.

Although relatively rare, there are cases of companies which have gone bust after being hit ransomware, meaning innocent people lose their livelihoods.

Sometimes a pragmatic decision has to be made. We all agree that paying cybercriminals leaves a highly unpleasant taste in the mouth, but you may feel that it is the least worst option.

Some 28,000 current and former students and employees of Hawaii Community College are being contacted about the security breach, and offered credit monitoring and identity theft protection services.

The University of Hawaii believes that the Hawaii Community College was the only one ot its campuses to be impacted by the ransomware attack.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.