UCSF Paid Attackers $1.14 million to Free critical COVID-19 Research Data from its Medical School

September 24th, 2020
UCSF Paid Attackers $1.14 million to Free critical COVID-19 Research Data from its Medical School

The University of California San Francisco has confirmed that they paid over $1.14m to cyber criminals less than a month after they learned that critical academic data related to its COVID-19 research had been compromised.

The University stated that they had discovered an incident that affected some of its School of Medicine servers on June 1. They managed to quarantine the affected system, but the attackers managed to encrypt some of the systems with ransomware and demanded payment. The university believed that patient's medical records were not affected, but the data was significant enough that that they gave in to the attacker’s demands.

A representative from UCSF stated: "The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained."

The cybercriminals were identified as the Netwalker Ransomware Gang. UCSF was the third higher educational institution victimized on the first week of June by the group.

The BBC was able to get ahold of a transcript between UCSF and the criminal gang on the dark web. According to the chat transcript, Netwalker initial ask was $3 Million. UCSF counter offered for the amount of $780,000. The negotiation went back and forth, until they agreed of a sum of $1,140,895. That figure equated to 116.4 bitcoins, which was used as a form of payment.

Ransomware is a big threat every organization, and it’s not just business or financial data that criminals are after. Research data has become an increasing hot commodity especially with the current situation with the pandemic.

One of the most common method that cybercriminals use to infect systems is through phishing emails. These types of emails contain ransomware that could infect and lock the system, unless a ransom is paid.

With cyber security training in place and with proper staff education, organizations can minimize can greatly reduce the chances of a ransomware attacks.