News

UCSF Medical School Pays $1.14 Million to Criminal Hackers

The Netwalker ransomware gang originally demanded $3 million, but the payment was negotiated down by a UCSF official.

June 29, 2020 Robin Hattersley Jump to Comments

San Francisco – The University of California at San Francisco (UCSF) School of Medicine has paid hackers $1.14 million so the school could regain access to data that had been encrypted by malware.

UCSF networks were attacked by Netwalker ransomware on June 1, and the attack was detected on June 3.

“The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,” UCSF said in a statement. “We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”

Fortunately, the incident didn’t affect patient care, the overall campus network or COVID-19 work, according to school officials.

“While we stopped the attack as it was occurring, the actors launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible,” said the school in its statement. “Since that time, we have been working with a leading cyber-security consultant and other outside experts to investigate the incident and reinforce our IT systems’ defenses. We expect to fully restore the affected servers soon.”

The hackers originally demanded $3 million, but the payment was negotiated down by a school representative, reports the BBC, which followed the ransom negotiations in a live chat on the dark web. Although law enforcement agencies discourage negotiating with hackers, cybersecurity experts say these types of negotiations are currently occurring all over the world.

Some ransomware gangs have vowed not to strike healthcare during the coronavirus pandemic, but the Netwalker gang is not one of them. In May, the Netwalker ransomware gang attacked Michigan State University.

On March 10, the Champaign-Urbana Public Health District in Illinois announced its website was taken down by a ransomware attack, making it difficult to distribute accurate information on the pandemic. The website was down for three days until the district paid the $300,000 ransom, according to The Union Leader.

Researchers have also found hackers are increasingly targeting university students and staff members through phishing emails during the coronavirus crisis. In April, a ransomware attack shut down the servers of Illinois Valley Community College.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author

Robin Hattersley, Editor-in-Chief

Contact:

Robin has been covering the security and campus law enforcement industries since 1998 and is a specialist in school, university and hospital security, public safety and emergency management, as well as emerging technologies and systems integration. She joined CS in 2005 and has authored award-winning editorial on campus law enforcement and security funding, officer recruitment and retention, access control, IP video, network integration, event management, crime trends, the Clery Act, Title IX compliance, sexual assault, dating abuse, emergency communications, incident management software and more. Robin has been featured on national and local media outlets and was formerly associate editor for the trade publication Security Sales & Integration. She obtained her undergraduate degree in history from California State University, Long Beach.