Hackers Extort $1.14m From University of California

The University of California, San Francisco (UCSF) has confirmed it paid a ransom totaling $1.14 million to criminals behind a cyber attack on its School of Medicine. The hackers are thought to be a criminal group called Netwalker, which has been linked to at least two other ransomware attacks on universities. 

The hacker group struck on 1st June and succeeded in encrypting a number of servers used by the university's School of Medicine.  After detecting the cyber incident, the university successfully isolated the affected servers from the core UCSF network but failed to prevent hackers from using the encrypted data as a bargaining chip.

The university's School of Medicine is a prestigious teaching hospital and was involved in Covid-19 related research when the ransomware attack took place. The university insists that despite hackers encrypting several servers, the incident did not affect the school's patient care delivery operations or Covid-19 work. IT staff unplugged computers in a race to stop the malware spreading.

Unable to access their own systems, UCSF IT Admin staff received a message instructing them to log in to a Dark Web homepage resembling a customer-service website, with a frequently asked questions (FAQ) tab, an offer of a "free" sample of its software and a live-chat option. But there was also a countdown timer ticking down to a time when the hackers would either double the price of their ransom or delete the data they had scrambled with malware, and a demand for $million.

But UCSF representatives attempted to negotiate, explaining that the coronavirus pandemic had been "financially devastating" for the university, and begged them to accept $780,000.

After a day of back-and-forth negotiations, UCSF said it had pulled together all available money and could pay $1.02m - but the criminals refused to go below $1.5m. Hours later, the university came back with details of how it had found more money and made a final offer. The next day, 116.4 bitcoins were transferred to Netwalker's electronic wallets and the decryption software was sent to UCSF.

Cyber-security experts say these sorts of ransom negotiations with hackers are now happening all over the world - against the advice of law-enforcement agencies, including the FBI, Europol and the UK's National Cyber Security Centre.

UCSF is now assisting the FBI with its investigations, while working to restore all affected systems. Europol, which runs a project called No More Ransom, advises victims not to pay the ransom on the basis that it encourages hackers to continue their criminal activities. Despite paying the ransom, the university said it was working to restore the affected servers and is presently working with a leading cyber-security consultant and other outside experts to investigate the incident and reinforce the security of its IT systems.


Most ransomware attacks begin with a booby-trapped email and research suggests criminal gangs are increasingly using tools that can gain access to systems via a single download. US law enforcement advises against paying ransomware demands, but victimised organisations sometimes meet attackers’ demands when decryption without hackers’ help seems unlikely.

Sources: Bloomberg, BBC, Forbes, TEISS, CyberScoop
