U.S. University Pays Over $1M Ransom in Bitcoin to Hackers to Regain Access to Encrypted Data

On June 1, University of California San Francisco (UCSF) detected and subsequently stopped a cyber-attack, wherein threat actors obtained access to a part of the School of Medicine’s IT infrastructure. As part of the attack, the hackers encrypted a number of servers, making them temporarily inaccessible.

According to a June 26 announcement, the attack was most likely opportunistic, with no particular areas being targeted. The university stated that none of the patient medical records and COVID-19 work were exposed. However, the cybercriminals obtained some data “as proof of their action” to further use it in their demand for a ransom payment. The announcement continued:

“The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We, therefore, made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”

Following the incident, the university initiated an investigation into the event in cooperation with the Federal Bureau of Investigation and cyber-security experts. UCSF expects to reinforce its IT systems’ defense and fully restore the affected servers soon.

Ransom Negotiations on the Darknet

As BBC reported on June 29, UCSF was attacked by the NetWalker ransomware gang, which has been actively targeting the healthcare industry during the coronavirus outbreak. The anonymous source BBC referred to witnessed the negotiations between NetWalker operators and UCSF in a live chat on the darknet.

Given that UCSF is a multi-billion dollar enterprise, the hackers first demanded not less than a $3 million ransom from it, however, a university representative begged them to accept $780,000. The NetWalker operator reportedly responded:

“How can I accept $780,000? Is like, I worked for nothing. You can collect money in a couple of hours. You need to take is seriously. If we’ll release our blog, student records/ data, I am 100% sure you will lose more than our price what we asked. We can agree to an price, but not like this, because I’ll take this like an insult.”

Eventually, the amount of ransom agreed upon by the parties was $1,140,895. The university transferred 116.4 Bitcoins to NetWalker’s digital wallets, while the hackers sent the decryption software to the UCSF.

As forklog.media reported on June 29, the FBI indicated California, Florida, New York, Ohio, Texas, and Washington as the states most vulnerable to Internet crimes, with the highest victim monetary losses or number of victims in 2019. California led the rating in terms of the volume of victim losses.

Follow us on Twitter and Facebook and join our Telegram channel to know what’s up with crypto and why it’s important.

Subscribe to our Newsletter