30 June 2020

University of California pays $1.14 million after ransomware attack


University of California pays $1.14 million after ransomware attack

The University of California San Francisco (UCSF) has admitted it paid $1.14 million to the Netwalker ransomware operators who compromised the UCSF School of Medicine’s IT network, stealing data and encrypting systems.

UCSF said on June 1 its School of Medicine’s IT environment was hit by a cyber attack which resulted in a limited number of servers being encrypted by the Netwalker ransomware. The incident did not affect patient care delivery operations, overall campus network, or work related to the COVID-19 research.

“Our investigation is ongoing but, at this time, we believe that the malware encrypted our servers opportunistically, with no particular area being targeted,” university officials said in a press release. “The attackers obtained some data as proof of their action, to use in their demand for a ransom payment. We are continuing our investigation, but we do not currently believe patient medical records were exposed.”

The officials also explained that the university decided to pay the ransomware operators a portion of the ransom demand, approximately $1.14 million, because “the data that was encrypted is important to some of the academic work.”

According to a BBC report, the attackers were initially demanding a ransom of $3 million but this sum was negotiated down by the UCSF representative, who explained that the coronavirus pandemic had been "financially devastating" for the university. In the end, UCSF transferred 116.4 bitcoins to Netwalker's electronic wallets in exchange for the decryptor.

Back to the list

Latest Posts

Three Iranians charged for attacks on US aerospace and satellite companies

Three Iranians charged for attacks on US aerospace and satellite companies

For at least four years the defendants were orchestrating hacking campaigns against numerous companies and organizations in the United States and abroad.
18 September 2020
A patient dies during a ransomware attack against a German hospital

A patient dies during a ransomware attack against a German hospital

The German authorities said the attack was aimed at the Heinrich Heine University, to which the Duesseldorf hospital is affiliated, and not at the UKD itself.
18 September 2020
Source code of Cerberus banking trojan offered for free on underground forums

Source code of Cerberus banking trojan offered for free on underground forums

In July, the developers of Cerberus have put up the entire project on auction due to the crew breaking up and having no time to support the operation 24/7.
17 September 2020