Hackers Extort $1.14m From University of California

The University of California, San Francisco (UCSF) has confirmed it paid a ransom totaling $1.14 million to criminals behind a cyber attack on its School of Medicine. The hackers are thought to be a criminal group called Netwalker, which has been linked to at least two other ransomware attacks on universities. 

The hacker group struck on 1st June and succeeded in encrypting a number of servers used by the university's School of Medicine.  After detecting the cyber incident, the university successfully isolated the affected servers from the core UCSF network but failed to prevent hackers from using the encrypted data as a bargaining chip.

The university's School of Medicine is a prestigious teaching hospital and was involved in Covid-19 related research when the ransomware attack took place. The university insists that despite hackers encrypting several servers, the incident did not affect the school's patient care delivery operations or Covid-19 work. IT staff unplugged computers in a race to stop the malware spreading.

Unable to access their own systems, UCSF IT Admin staff received a message instructing them to log in to a Dark Web homepage resembling  a customer-service website, with a frequently asked questions (FAQ) tab, an offer of a "free" sample of its software and a live-chat option.  But there was  also a countdown timer ticking down to a time when the hackers either double the price of their ransom, or delete the data they have scrambled with malware and a demand for $million. 

But  UCSF representatives attempted to negotiate, explained the coronavirus pandemic had been "financially devastating" for the university and begged them to accept $780,000. 

After a day of back-and-forth negotiations, UCSF said it had pulled together all available money and could pay $1.02m - but the criminals refused to go below $1.5m. Hours later, the university came back with details of how it had found more money and made a a final offer. The next day, 116.4 bitcoins were transferred to Undertakers' electronic wallets and the decryption software sent to UCSF.

Cyber-security experts say these sorts of ransom negotiations with hackers are now happening all over the world  - against the advice of law-enforcement agencies, including the FBI, Europol and the UK's National Cyber Security Centre. 
 
UCSF is now assisting the FBI with its investigations, while working to restore all affected systems. Europol runs a project called No More Ransom, advises victims not pay the ransom on the basis it encourages hackers continue their criminal activities. Despite paying the ransom, the university said it was working to restore the affected servers and is presently working with a leading cyber-security consultant and other outside experts to investigate the incident and reinforce the security of its' IT systems.


Most ransomware attacks begin with a booby-trapped email and research suggests criminal gangs are increasingly using tools that can gain access to systems via a single download. US law enforcement advises against paying ransomware demands, but victimised organisations sometimes meet attackers’ demands when decryption without hackers’ help seems unlikely.

 Bloomberg:      BBC:      Forbes:      TEISS:         CyberScoop:     

You Might Also Read: 

Confidential Data On 24.3m Patients Found Exposed Online:

 

« Hong Kongers Erase Their Digital Footprints
Iran’s Nuclear Site Attacked Following Attempts To Hack Israel's Water System »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Fieldfisher

Fieldfisher

Fieldfisher's Technology, Outsourcing & Privacy Group has class-leading expertise in privacy, data & cybersecurity, digital media, big data, the cloud, mobile payments and mobile apps.

Hogan Lovells

Hogan Lovells

Hogan Lovells is an international business law firm with offices across Europe, Asia and the USA. Practice areas include Privacy & Cybersecurity.

Software Engineering Institute (SEI)

Software Engineering Institute (SEI)

At the CERT Division of SEI we study and solve cybersecurity problems, research security vulnerabilities in software, and develop information and training to help improve cybersecurity.

Rafael

Rafael

Rafael has more than 15 years of proven experience in the cyber arena providing solutions for national security as well as commercial applications.

Alsid

Alsid

Alsid helps corporates to anticipate attacks by detecting breaches before hackers can exploit them.

Elemendar

Elemendar

Elemendar Artificial Intelligence reads cyber threat reports written by humans and translates them into industry-standard, machine-readable and machine-actionable data.

Vanbreda

Vanbreda

Vanbreda Risk & Benefits is the largest independent insurance broker and risk consultant in Belgium and the leading insurance partner in the Benelux.

Vector Informatik

Vector Informatik

Vector Informatik is a specialist in automotove electronics and provides services, embedded software and tools for securing embedded systems against cyber-attacks.

Cube 5

Cube 5

The Cube 5 incubator, located at the Horst Görtz Institute for IT Security (HGI), supports IT security startups and people interested in starting a business in IT security.

Global Resources

Global Resources

Global Resources' planning and management capabilities support city, regional, and national utility and infrastructure management, and information systems and cyber security service delivery.

Seemplicity

Seemplicity

Seemplicity revolutionizes the way security teams work by automating, optimizing and scaling all risk reduction workflows in one workspace.

Gravitee

Gravitee

Gravitee helps organizations manage and secure their entire API lifecycle with solutions for API design, management, security, productization, real-time observability, and more.

Chorus

Chorus

Chorus are a leading Managed Security Service Provider (MSSP), and member of the Microsoft Intelligent Security Association (MISA), with three Microsoft Advanced Specialisations in security.

Diverto

Diverto

Diverto is a company that provides a high level of information security to companies, institutions and other organisations in an information-centric world.

Quantum Dice

Quantum Dice

Quantum Dice is an award-winning venture-backed spinout from Oxford University’s world-renowned quantum optics laboratory.

Dynamic Standards International (DSI)

Dynamic Standards International (DSI)

Dynamic Standards International is a global standards development organization which develops certifiable ‘dynamic standards’ that pace with fast-evolving landscapes.