Hackers Extort $1.14m From University of California

Uploaded on 2020-07-06 in TECHNOLOGY--Hackers, FREE TO VIEW

The University of California, San Francisco (UCSF) has confirmed it paid a ransom totaling $1.14 million to criminals behind a cyber attack on its School of Medicine. The hackers are thought to be a criminal group called Netwalker, which has been linked to at least two other ransomware attacks on universities. 

The hacker group struck on 1st June and succeeded in encrypting a number of servers used by the university's School of Medicine.  After detecting the cyber incident, the university successfully isolated the affected servers from the core UCSF network but failed to prevent hackers from using the encrypted data as a bargaining chip.

The university's School of Medicine is a prestigious teaching hospital and was involved in Covid-19 related research when the ransomware attack took place. The university insists that despite hackers encrypting several servers, the incident did not affect the school's patient care delivery operations or Covid-19 work. IT staff unplugged computers in a race to stop the malware spreading.

Unable to access their own systems, UCSF IT Admin staff received a message instructing them to log in to a Dark Web homepage resembling  a customer-service website, with a frequently asked questions (FAQ) tab, an offer of a "free" sample of its software and a live-chat option.  But there was  also a countdown timer ticking down to a time when the hackers either double the price of their ransom, or delete the data they have scrambled with malware and a demand for $million. 

But  UCSF representatives attempted to negotiate, explained the coronavirus pandemic had been "financially devastating" for the university and begged them to accept $780,000. 

After a day of back-and-forth negotiations, UCSF said it had pulled together all available money and could pay $1.02m - but the criminals refused to go below $1.5m. Hours later, the university came back with details of how it had found more money and made a a final offer. The next day, 116.4 bitcoins were transferred to Undertakers' electronic wallets and the decryption software sent to UCSF.

Cyber-security experts say these sorts of ransom negotiations with hackers are now happening all over the world  - against the advice of law-enforcement agencies, including the FBI, Europol and the UK's National Cyber Security Centre. 
 
UCSF is now assisting the FBI with its investigations, while working to restore all affected systems. Europol runs a project called No More Ransom, advises victims not pay the ransom on the basis it encourages hackers continue their criminal activities. Despite paying the ransom, the university said it was working to restore the affected servers and is presently working with a leading cyber-security consultant and other outside experts to investigate the incident and reinforce the security of its' IT systems.

Most ransomware attacks begin with a booby-trapped email and research suggests criminal gangs are increasingly using tools that can gain access to systems via a single download. US law enforcement advises against paying ransomware demands, but victimised organisations sometimes meet attackers’ demands when decryption without hackers’ help seems unlikely.

 Bloomberg:      BBC:      Forbes:      TEISS:         CyberScoop:     

You Might Also Read: 

Confidential Data On 24.3m Patients Found Exposed Online:

 

« Hong Kongers Erase Their Digital Footprints
Iran’s Nuclear Site Attacked Following Attempts To Hack Israel's Water System »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BruCON

BruCON

Brucon is Belgiums premium security and hacking conference.

Owl Cyber Defense

Owl Cyber Defense

Owl patented DualDiode Technology enables hardware-enforced network segmentation and deterministic, one-way transfer of all data types and file sizes.

AFCERT

AFCERT

AFCERT is the national Computer Emergency Response Team for Afghanistan.

CloudAlly

CloudAlly

CloudAlly provides online cloud to cloud backup and recovery solutions, which backs up daily changes in your SaaS to unlimited Amazon S3 storage and makes it available for restore or export.

Cyber Security Audit Corp (C3SA)

Cyber Security Audit Corp (C3SA)

C3SA specializes in architecting, operating, managing and improving defensible and resilient IT infrastructures for Canada's public and private sectors.

Monegasque Digital Security Agency (AMSN)

Monegasque Digital Security Agency (AMSN)

AMSN is the national authority in charge of the security of information systems in Monaco.

Swascan

Swascan

Swascan is the first all-in-one, GDPR Compliant, Cloud Security Suite Platform. GDPR Assessment, Web Application Scan, Network Scan, Code Review.

Qasky

Qasky

Anhui Qasky Quantum Technology Co. Ltd. (Qasky) is a new high-tech enterprise engaged in quantum information technology industrialization in China.

Hawk AI

Hawk AI

Hawk AI’s mission is to help financial institutions detect financial crime more effectively and efficiently using AI to enhance rules and find anomalies.

Chugach Government Solutions (CGS)

Chugach Government Solutions (CGS)

CGS performs work for the Federal Government across 4 unique core lines of business, including: Facilities Management and Maintenance, Construction, Technical IT and Cyber Services, and Educational Se

LaScala

LaScala

LaScala is an IT Managed Services provider delivering technical, security, and compliance solutions with dedication, compassion, and agility.

Keyrus

Keyrus

Keyrus is a global consultancy that develops data and digital solutions for performance management.

Ventum Consulting

Ventum Consulting

Ventum Consulting stands for digitalization, networking and agilization. We take this up on the strategic, professional and technical side and support our customers in the digital transformation.

BioID

BioID

BioID are a German company offering deepfake detection, liveness detection, facial authentication & identity verification as a Service. 

Cyber Defense International (CDI)

Cyber Defense International (CDI)

At CDI, we utilize decades of experience in designing and building large-scale cybersecurity programs, creating tailored solutions and services that protect businesses from cyber threats.

SysGroup

SysGroup

SysGroup is an award-winning managed IT services, cloud hosting, and IT consultancy provider.