Show vulnerabilities with patch / with exploit
30 June 2020

University of California pays $1.14 million after ransomware attack


University of California pays $1.14 million after ransomware attack

The University of California San Francisco (UCSF) has admitted it paid $1.14 million to the Netwalker ransomware operators who compromised the UCSF School of Medicine’s IT network, stealing data and encrypting systems.

UCSF said on June 1 its School of Medicine’s IT environment was hit by a cyber attack which resulted in a limited number of servers being encrypted by the Netwalker ransomware. The incident did not affect patient care delivery operations, overall campus network, or work related to the COVID-19 research.

“Our investigation is ongoing but, at this time, we believe that the malware encrypted our servers opportunistically, with no particular area being targeted,” university officials said in a press release. “The attackers obtained some data as proof of their action, to use in their demand for a ransom payment. We are continuing our investigation, but we do not currently believe patient medical records were exposed.”

The officials also explained that the university decided to pay the ransomware operators a portion of the ransom demand, approximately $1.14 million, because “the data that was encrypted is important to some of the academic work.”

According to a BBC report, the attackers were initially demanding a ransom of $3 million but this sum was negotiated down by the UCSF representative, who explained that the coronavirus pandemic had been "financially devastating" for the university. In the end, UCSF transferred 116.4 bitcoins to Netwalker's electronic wallets in exchange for the decryptor.

Back to the list

Latest Posts

Weekly security roundup: July 6, 2020

Weekly security roundup: July 6, 2020

A short overview of last week's top stories in the world of cyber security.
6 July 2020
North Korean hackers pivot from cryptocurrency theft and ransomware campaigns to online skimming

North Korean hackers pivot from cryptocurrency theft and ransomware campaigns to online skimming

Hidden Cobra has been compromising online stores of large US retailers since at least May 2019.
6 July 2020
Hackers are already attempting to exploit F5 BIG-IP vulnerability

Hackers are already attempting to exploit F5 BIG-IP vulnerability

Two days after the patches for the CVE-2020-5902 flaw have been issued security researchers have started releasing PoC exploits for the vulnerability.
6 July 2020