The University of California paid $1.14 million to hackers in order to decrypt its server which was hit by ransomware attack
The University of California paid $1.14 million to hackers in order to decrypt its server which was hit by ransomware attack.
The University of California, San Francisco (UCSF) is a public research university in San Francisco, California and it is dedicated entirely to health science.
The attack took place on June 1, in UCSF School of Medicine’s IT environment.
Several IT systems we're detached immediately as a safety measure to isolate the infection and fence from travelling to the core UCSF network.
The attackers launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible. The malware encrypted the servers opportunistically, with no particular region being targeted and obtained some data as proof of their action to demand for a ransom payment.
“The data that was encrypted is more important to some of the academic work we pursue as a university serving the public good,” said UCSF.
“We therefore, made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”
According to a BBC report, the hackers were first demanding $3 million, after negotiations on the dark web with UCSF representative “who may be an external specialist negotiator” they agreed to a ransom of $1.14 million
The cyberattack did not affect the patient care delivery operations, overall campus network.
While researchers at UCSF are among those leading coronavirus-related antibody testing, UCSF said that the attack didn’t impede its Covid-19 work.
The university said it obtained the decryption tool to rebuild access to the files, and copies of the stolen documents after the payment of ransom. The university declined to explain what was in the records that was worth more than $1 million.
The Netwalker ransomware group is believed to be behind the attack and it has also been linked to ransomware attacks on two other universities over the last couple of months.
“It’s always better to prevent and protect rather than to pay, but this is a tough sentiment to swallow after it has occurred,” Moore says, warning that “by paying these criminals it only funds a further round of attacks and continues the cycle of this frustrating malware.”
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: “BlueLeaks” Exposes Data of 200 US police Departments and Exposed Online