The University of California at San Francisco Medical School paid a ransom of $1.14 million in cryptocurrency to the hackers behind a ransomware attack on June 1.
According to CBS in San Francisco, UCSF’s IT staff first discovered the security incident and found that the attack, launched by the NetWalker group, affected “a limited number of servers in the medical school”.
Although experts isolated the affected areas from the internal network, the hackers made servers inaccessible and successfully deployed ransomware. A statement released by the University of California states:
“The data that has been encrypted is important for some of the academic work that we as a university do for the common good. […] For this reason, we made the difficult decision to pay a portion of the $1.14 million ransom to the people behind the malware attack, to get a tool to unlock the encrypted data and have the data they obtained returned.”
A negotiation was carried out between the hackers and UCSF
BBC News revealed that a covert negotiation took place between UCSF officials and the hackers, but did not end successfully.
University officials initially asked to lower the ransom payment to $780,000, but the hackers declined the offer, saying that if they accepted the reduced amount, it would be as if they had “worked for nothing”.
NetWalker warned that they would only accept $1.5 million and “everyone would sleep well”. Hours later, the UCSF employees asked for the next steps to send the payment and submitted a final offer of USD 1,140,895, which was accepted by the hackers.
The next day, university staff sent 116.4 Bitcoin (BTC) to the hackers’ wallets and received the decryption software.
The risks associated with ransomware incidents are “greater than ever”.
Brett Callow, a threat analyst and ransomware expert at Emsisoft’s malware lab, told Cointelegraph:
“Although companies in the public and private sectors in the United States, Europe and Australasia are the most common targets for ransomware groups, companies in other countries are also often targeted. And since ransomware attacks are now data breaches, the risks associated with these incidents are bigger than ever, both for target organizations and for their customers and business partners.”
Callow adds that organizations can minimize the likelihood of a successful attack by adhering to best security practices, blocking RDP, using multi-factor authentication wherever it can be used, disabling PowerShell when not needed, etc.
Cointelegraph reported in early June that Michigan State University had been attacked by the NetWalker ransomware gang, which threatened to leak student financial records and documents. At the time, university officials said they would not pay the ransom.