The University of California San Francisco (UCSF) has admitted it paid $1.14 million to the Netwalker ransomware operators who compromised the UCSF School of Medicine’s IT network, stealing data and encrypting systems.
UCSF said on June 1 its School of Medicine’s IT environment was hit by a cyber attack which resulted in a limited number of servers being encrypted by the Netwalker ransomware. The incident did not affect patient care delivery operations, the overall campus network, or work related to COVID-19 research.
“Our investigation is ongoing but, at this time, we believe that the malware encrypted our servers opportunistically, with no particular area being targeted,” university officials said in a press release. “The attackers obtained some data as proof of their action, to use in their demand for a ransom payment. We are continuing our investigation, but we do not currently believe patient medical records were exposed.”
The officials also explained that the university decided to pay the ransomware operators a portion of the ransom demand, approximately $1.14 million, because “the data that was encrypted is important to some of the academic work.”
According to a BBC report, the attackers were initially demanding a ransom of $3 million, but this sum was negotiated down by the UCSF representative, who explained that the coronavirus pandemic had been “financially devastating” for the university. In the end, UCSF transferred 116.4 bitcoins to Netwalker’s electronic wallets in exchange for the decryptor.