Hackers Extort $1.14m From University of California

Uploaded on 2020-07-06 in TECHNOLOGY--Hackers, FREE TO VIEW

The University of California, San Francisco (UCSF) has confirmed it paid a ransom totaling $1.14 million to criminals behind a cyber attack on its School of Medicine. The hackers are thought to be a criminal group called Netwalker, which has been linked to at least two other ransomware attacks on universities. 

The hacker group struck on 1st June and succeeded in encrypting a number of servers used by the university's School of Medicine.  After detecting the cyber incident, the university successfully isolated the affected servers from the core UCSF network but failed to prevent hackers from using the encrypted data as a bargaining chip.

The university's School of Medicine is a prestigious teaching hospital and was involved in Covid-19 related research when the ransomware attack took place. The university insists that despite hackers encrypting several servers, the incident did not affect the school's patient care delivery operations or Covid-19 work. IT staff unplugged computers in a race to stop the malware spreading.

Unable to access their own systems, UCSF IT Admin staff received a message instructing them to log in to a Dark Web homepage resembling  a customer-service website, with a frequently asked questions (FAQ) tab, an offer of a "free" sample of its software and a live-chat option.  But there was  also a countdown timer ticking down to a time when the hackers either double the price of their ransom, or delete the data they have scrambled with malware and a demand for $million. 

But  UCSF representatives attempted to negotiate, explained the coronavirus pandemic had been "financially devastating" for the university and begged them to accept $780,000. 

After a day of back-and-forth negotiations, UCSF said it had pulled together all available money and could pay $1.02m - but the criminals refused to go below $1.5m. Hours later, the university came back with details of how it had found more money and made a a final offer. The next day, 116.4 bitcoins were transferred to Undertakers' electronic wallets and the decryption software sent to UCSF.

Cyber-security experts say these sorts of ransom negotiations with hackers are now happening all over the world  - against the advice of law-enforcement agencies, including the FBI, Europol and the UK's National Cyber Security Centre. 
 
UCSF is now assisting the FBI with its investigations, while working to restore all affected systems. Europol runs a project called No More Ransom, advises victims not pay the ransom on the basis it encourages hackers continue their criminal activities. Despite paying the ransom, the university said it was working to restore the affected servers and is presently working with a leading cyber-security consultant and other outside experts to investigate the incident and reinforce the security of its' IT systems.

Most ransomware attacks begin with a booby-trapped email and research suggests criminal gangs are increasingly using tools that can gain access to systems via a single download. US law enforcement advises against paying ransomware demands, but victimised organisations sometimes meet attackers’ demands when decryption without hackers’ help seems unlikely.

 Bloomberg:      BBC:      Forbes:      TEISS:         CyberScoop:     

You Might Also Read: 

Confidential Data On 24.3m Patients Found Exposed Online:

 

« Hong Kongers Erase Their Digital Footprints
Iran’s Nuclear Site Attacked Following Attempts To Hack Israel's Water System »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CERT.AZ

CERT.AZ

The national Cyber Security Center of the Republic of Azerbaijan.

Fidelis Security

Fidelis Security

Fidelis Security is a leading provider of extended threat detection and response (XDR) solutions for your security operations.

Canadian Security Intelligence Service (CSIS)

Canadian Security Intelligence Service (CSIS)

CSIS collects and analyzes threat-related information concerning the security of Canada in areas including terrorism, espionage, WMD, cybersecurity and critical infrastructure protection.

Veriato

Veriato

Veriato develops intelligent solutions that provide companies with visibility into the human behaviors and activities occurring within their network, making them more secure and productive.

RiskCentric

RiskCentric

RiskCentric is a consultancy specializing in risk management and compliance.

G DATA CyberDefense

G DATA CyberDefense

G Data developed the world's first antivirus software. We now ensure the security of small, large and medium-sized companies all over the world.

Aujas Cybersecurity

Aujas Cybersecurity

Aujas has deep expertise and capabilities in Identity and Access Management, Risk Advisory, Security Verification, Security Engineering, & Managed Detection and Response services.

Civic Technologies

Civic Technologies

Civic’s Secure Identity Platform (SIP) uses a verified identity for multi-factor authentication on web and mobile apps without the need for usernames or passwords.

Trilateral Research

Trilateral Research

Trilateral Research provide regulatory and policy advice; develop new data-driven technologies and contribute to the latest standards in safeguarding privacy, ethics and human rights.

BATM Advanced Communications

BATM Advanced Communications

BATM Advanced Communications is a leading provider of real-time technologies for networking and cyber security solutions.

One82

One82

Serving emerging small and medium-sized businesses in California and neighboring regions for over 20 years, One82 has established itself as the most dependable provider of IT support services.

Zeron

Zeron

Zeron build bridges between security teams and top management. Our platform unifies your cyber risk posture seamlessly, encompassing threat insights and quantifiable risk scenarios.

TrustMe

TrustMe

TrustMe’s integrated platform for business trust and resilience keeps organizations safe, secure, and trustworthy.

CyberKinetics

CyberKinetics

CyberKinetics specializes in cloud-based services and solutions for federal agencies and commercial clients with compliance mandates.

Karthik Consulting (KC)

Karthik Consulting (KC)

Karthik Consulting is a technology service provider specializing in IT services for the U.S. federal government.

Red Alpha Cybersecurity

Red Alpha Cybersecurity

At Red Alpha, we specialize in recruiting and rigorously training individuals passionate about cybersecurity.