Hackers Extort $1.14m From University of California

The University of California, San Francisco (UCSF) has confirmed it paid a ransom totaling $1.14 million to criminals behind a cyber attack on its School of Medicine. The hackers are thought to be a criminal group called Netwalker, which has been linked to at least two other ransomware attacks on universities. 

The hacker group struck on 1st June and succeeded in encrypting a number of servers used by the university's School of Medicine. After detecting the incident, the university isolated the affected servers from the core UCSF network. Isolation contained the spread but could not undo the encryption, so the attackers were left holding the scrambled data as a bargaining chip.

The university's School of Medicine is a prestigious teaching hospital and was involved in Covid-19-related research when the ransomware attack took place. The university insists that, despite the hackers encrypting several servers, the incident did not affect the school's patient-care operations or its Covid-19 work. IT staff unplugged computers in a race to stop the malware spreading.

Unable to access their own systems, UCSF IT staff received a message directing them to log in to a dark-web site resembling a customer-service page, complete with a frequently asked questions (FAQ) tab, an offer of a "free" sample of the criminals' decryption software and a live-chat option. The page also carried a countdown timer, ticking down to the point at which the hackers would either double the ransom or delete the data they had scrambled, alongside a ransom demand in the millions of dollars.

UCSF representatives nevertheless attempted to negotiate, explaining that the coronavirus pandemic had been "financially devastating" for the university and asking the attackers to accept $780,000.

After a day of back-and-forth negotiation, UCSF said it had pulled together all available money and could pay $1.02m, but the criminals refused to go below $1.5m. Hours later, the university came back with details of how it had found more money and made a final offer. The next day, 116.4 bitcoins were transferred to the criminals' electronic wallets and the decryption software was sent to UCSF.

Cyber-security experts say these sorts of ransom negotiations with hackers are now happening all over the world, against the advice of law-enforcement agencies including the FBI, Europol and the UK's National Cyber Security Centre.
 
UCSF is now assisting the FBI with its investigation. Europol, which runs the No More Ransom project, advises victims not to pay on the basis that doing so encourages hackers to continue their criminal activities. Despite having paid, the university said it was still working to restore the affected servers (a decryptor recovers files but does not by itself return rebuilt and verified systems to service) and is working with a leading cyber-security consultant and other outside experts to investigate the incident and reinforce the security of its IT systems.

Most ransomware attacks begin with a booby-trapped email, and research suggests criminal gangs are increasingly using tools that can gain access to systems via a single download. US law enforcement advises against paying ransomware demands, but victimised organisations sometimes meet attackers' demands when decryption without the hackers' help seems unlikely.

Sources: Bloomberg, BBC, Forbes, TEISS, CyberScoop
