The University of California, San Francisco (UCSF) School of Medicine is said to have paid a ransom of $1.14 million in cryptocurrency to the hackers behind a ransomware attack on June 1.
According to CBS San Francisco, UCSF IT staff first detected the security incident and said that the attack, launched by the NetWalker group, affected "a limited number of servers at the School of Medicine".
Although experts isolated the affected areas from the internal network, the hackers left servers inaccessible and successfully deployed the ransomware. A statement released by the University of California said:
“The figures are important for part of the academic work that we pursue as a university serving the public good. […] So we made the difficult decision to pay part of the ransom, around $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock encrypted data and return data that they got.”
A negotiation took place between the hackers and UCSF
BBC News revealed that secret negotiations between UCSF officials and the gang had taken place, but were unsuccessful.
University officials first asked to reduce the ransom to $780,000, but the hackers rejected the offer, saying that if they accepted the reduced amount, it would be as if they had "worked for nothing."
NetWalker then warned that they would only accept $1.5 million and that “everyone will sleep well”. A few hours later, UCSF staff asked how to send the payment and made a final offer of $1,140,895, which the hackers accepted.
University staff then sent 116.4 Bitcoin (BTC) to the attackers' wallets the next day and received the decryption software.
Risks Associated With Ransomware Incidents Are "Greater Than Ever"
Brett Callow, threat analyst and ransomware expert at Emsisoft Malware Lab, said:
"While public and private sector entities in the United States, Europe and Australasia are the most common targets for ransomware groups, entities in other countries are also frequently targeted. And since ransomware attacks are now data breaches, the risks associated with these incidents are greater than ever - both for the target organizations and for their customers and business partners."
Callow adds that businesses can minimize the likelihood of being attacked successfully by "adhering to security best practices - lock down RDP, use multi-factor authentication wherever it can be used, disable PowerShell when not needed, etc."
In early June, PassionCrypto reported that Michigan State University had been attacked by the NetWalker ransomware gang, which threatened to disclose student financial records and documents. At the time, university officials said they would not pay the ransom.