Hackers used ransomware to extort $ 1.4 million through UCSF networks

Hackers used ransomware to take over parts of UC San Francisco’s network and pushed $ 1.14 million in return for returning access to their files

  • University of California San Francisco lost control of some of its files due to a hack
  • Ransomware was used to encrypt files, and UCSF agreed to pay for their return
  • UCSF has not said which files were compromised, nor how the ransomware entered the system, but the FBI has opened an investigation into the incident

Hackers successfully extorted $ 1.14 million from the University of California San Francisco after breaking the internal networks with malicious ransomware.

The attack was organized by the Netwalker gang, a hacker group using ransomware of the same name, which accessed UCSF’s protected files in early June.

After extensive negotiations with the hackers, UCSF management agreed to pay the hackers 116.4 bitcoins or $ 1,140,895 in exchange for returning their files.

The FBI is currently investigating the attack, and UCSF management has not disclosed how the hackers introduced the ransomware to their network, nor described which specific files were affected.

Hackers attacked the University of San Francisco in early June with a ransomeware attack, barring personnel from several important files on their network

Hackers attacked the University of San Francisco in early June with a ransomeware attack, barring personnel from several important files on their network

“The encrypted data is important to some of the academic work we pursue as a university that serves the public interest,” a UCSF spokesperson told the BBC.

“That’s why we made the tough decision to pay part of the ransom, about $ 1.14 million, to the people behind the malware attack in exchange for a tool to recover the encrypted data and the return of the data obtained to unlock. “

The Netwalker gang has previously attacked a number of other institutions with ransomware, including parts of a local Austrian city government network, servers from Michigan State University and Illinois’ Champaign-Urbana Public Health District, and many more.

Once installed on a computer, ransomware uses a private encryption program to extract a user from their own files and then claim a fee in return for returning the files.

In the UCSF hack, the Netwalker gang programmed a fake customer service page that offered to sell a decryption program that would return the files while a built-in timer counted down.

The page said that the price of the decrypter program would double every time the timer reached zero.

UCSF employees have not said which files were affected, nor how the ransomware first entered their systems, but the FBI has opened an investigation into the case

UCSF employees have not said which files were affected, nor how the ransomware first entered their systems, but the FBI has opened an investigation into the case

UCSF employees have not said which files were affected, nor how the ransomware first entered their systems, but the FBI has opened an investigation into the case

A negotiator representing UCSF communicated with a Netwalker hacker through a chat window associated with this order form, and a live log of their chats was broadcast on the dark web.

In the chat, the hackers claimed that UCSF made “4-5 billion a year” and demanded $ 3 million to release the locked files.

The UCSF negotiator offered $ 780,000, and after a few hours back and forth they reached a compromise of $ 1.14 million.

Cyber ​​security experts have suggested that the recent large-scale shift to remote work has left a number of organizations vulnerable to hackers.

Cyber ​​security experts point to the increase in people working from home during COVID-19 as a major security vulnerability that has created new opportunities for hackers

Cyber ​​security experts point to the increase in people working from home during COVID-19 as a major security vulnerability that has created new opportunities for hackers

Cyber ​​security experts point to the increase in people working from home during COVID-19 as a major security vulnerability that has created new opportunities for hackers

According to Bill Conner of cybersecurity firm SonicWall, the combination of remote internet connections and less secure PCs has opened up several new openings.

“In most cases these are not brand new exploits, [hackers] don’t create new malware, ”Conner told the San Jose Mercury News. “They only attack more sensitive areas.”

“Access from home is easier than in a building because you have multiple layers of security in your office.”

Advertisement

.