Show vulnerabilities with patch / with exploit
30 June 2020

University of California pays $1.14 million after ransomware attack


University of California pays $1.14 million after ransomware attack

The University of California San Francisco (UCSF) has admitted it paid $1.14 million to the Netwalker ransomware operators who compromised the UCSF School of Medicine’s IT network, stealing data and encrypting systems.

UCSF said on June 1 its School of Medicine’s IT environment was hit by a cyber attack which resulted in a limited number of servers being encrypted by the Netwalker ransomware. The incident did not affect patient care delivery operations, overall campus network, or work related to the COVID-19 research.

“Our investigation is ongoing but, at this time, we believe that the malware encrypted our servers opportunistically, with no particular area being targeted,” university officials said in a press release. “The attackers obtained some data as proof of their action, to use in their demand for a ransom payment. We are continuing our investigation, but we do not currently believe patient medical records were exposed.”

The officials also explained that the university decided to pay the ransomware operators a portion of the ransom demand, approximately $1.14 million, because “the data that was encrypted is important to some of the academic work.”

According to a BBC report, the attackers were initially demanding a ransom of $3 million but this sum was negotiated down by the UCSF representative, who explained that the coronavirus pandemic had been "financially devastating" for the university. In the end, UCSF transferred 116.4 bitcoins to Netwalker's electronic wallets in exchange for the decryptor.

Back to the list

Latest Posts

Weekly security roundup: July 13, 2020

Weekly security roundup: July 13, 2020

A short overview of last week's top stories in the world of cyber security.
13 July 2020
Hackers are attempting to exploit recent Citrix vulnerabilities

Hackers are attempting to exploit recent Citrix vulnerabilities

Citrix downplayed the impact of the vulnerabilities and said they are less likely to be exploited compared to CVE-2019-19781.
13 July 2020
Zoom patches critical bug affecting Zoom client for Windows

Zoom patches critical bug affecting Zoom client for Windows

The company has also released a planned update for Phone and Web users, which brings AES-256 bit encryption.
13 July 2020