The University of California, San Francisco (UCSF) School of Medicine is reported to have paid $1.14 million in ransom to the hackers behind a ransomware attack on June 1.
According to CBS San Francisco, UCSF IT staff first discovered the security incident and said that the attack by the NetWalker team affected “a limited number of medical school servers”.
Although the sites were isolated by internal network experts, the hackers left the servers unavailable and were able to deploy ransomware. The University of California published a statement:
“Encrypted data is important to some of the academic work we do as a university serving the public. […] That is why we made a difficult decision to pay some ransom, about $1.14 million, to the people behind the malware attack in exchange for a tool to open the encrypted data and return the received data.”
Hackers and UCSF negotiated
BBC News revealed secret negotiations between UCSF officials and the gang, but they did not end successfully.
University officials initially demanded that the ransom be reduced to $780,000, but the hackers turned down the offer, saying that if they accepted the reduced amount, it would look like they were “working for nothing.”
NetWalker then warned that it would only accept $1.5 million, and that “everyone will sleep in peace.” After a few hours, UCSF employees asked how to send the payment and made a final offer of $1,140,895, which the hackers accepted.
The next day, university staff sent 116.4 Bitcoin (BTC) to the hackers' wallets to receive the decryption program.
The risk of ransomware is “higher than ever”
In an interview with Cointelegraph, Brett Callow, a threat and ransomware expert from Emsisoft Malware Lab, commented:
“While public and private sector institutions in the United States, Europe, and Australia are the most common targets for ransomware packages, organizations in other countries are often targeted as well. And since ransomware attacks are data leaks now, the risks associated with these events are greater than ever – for targeted organizations as well as for their customers and business partners.”
Callow adds that companies can reduce the likelihood of a successful attack by “following security guidelines – blocking RDP, using multi-factor authentication when required, disabling PowerShell when not needed, etc.”
In early June, Cointelegraph reported that Michigan State University was attacked by operators of the NetWalker ransomware, who threatened to leak student records and financial documents. University officials then said they would not pay the ransom.