The University of California at San Francisco has paid a million-dollar ransom following unsuccessful negotiations with a ransomware hacker group.
The hackers had encrypted data on servers inside the School of Medicine. While researchers at UCSF are among those leading coronavirus-related antibody testing, the attack didn’t impede its Covid-19 work, the university said. It is working with a team of cybersecurity contractors to restore the hampered servers “soon.”
“The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. […] We, therefore, made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained,” the university said in the statement.
According to CBS San Francisco, UCSF IT staff first detected the security incident and stated that the attack, launched by the NetWalker group, affected “a limited number of servers in the School of Medicine.” Although experts isolated the affected areas from the internal network, the hackers managed to deploy the ransomware successfully and left the servers inaccessible.
The intrusion was detected as recently as June 1, and UCSF said the actors were halted during the attack. Yet using malware known as NetWalker, the hackers obtained data and revealed some of it as proof of their action, to use in their demand for a ransom payment. This prompted UCSF to engage in ransomware negotiations, which ultimately ended in payment. The university declined to say what was in the files that was worth more than $1 million, except that it didn’t believe patient medical records were exposed.
While the decision is a difficult one, the FBI and a host of security researchers have repeatedly warned against paying ransomware demands for several reasons. In particular, the FBI warned that payment doesn’t guarantee the return of data or that the decryptor will work, and that such payments fuel further ransomware attacks on the victim organization and sustain the overall ransomware business model.