The University of California pays a million-dollar data ransom in cryptosystemsJuli 2020
The University of California at San Francisco School of Medicine paid a ransom of $1.14 million in crypto currency to the hackers who were behind a ransomware attack on June 1.
According to CBS San Francisco, UCSF IT staff first detected the security incident, stating that the attack launched by the NetWalker group affected „a limited number of servers at the Medical School.
Another Bitcoin scam hits Canadians
Although the areas were isolated by internal network experts, the hackers left the servers inaccessible and managed to successfully deploy ransomware. A statement released by the University of California said:
„The data that was encrypted is important to some of the academic work we do as a university in the service of the public good. …] Therefore, we made the difficult decision to pay a portion of the ransom, approximately $1.14 million, to the people behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.
The co-founder of a Ponzi scheme with Bitcoin was arrested by Jakarta police on sexual assault charges
A negotiation took place between the hackers and the UCSF
BBC News revealed that an undercover negotiation took place between UCSF officials and the hackers, but it did not end successfully.
University officials first asked to reduce the ransom payment to USD 780,000, but the hackers rejected the offer, saying that if they accepted the reduced amount, it would be as if they had „worked for nothing“.
Netwalker warned that they would only accept USD 1.5 million, and „everyone would sleep well“. Hours later, UCSF staff asked for steps to be taken to send the payment and made a final offer of USD 1,140,895, which was accepted by the hackers.
The university staff proceeded to send 116.4 The News Spy the next day to the hackers‘ wallets and received the decryption software.
A fraudulent site poses as an encrypted messaging service to steal Bitcoins
The risks associated with ransomware incidents are „greater than ever“
Speaking to Cointelegraph, Brett Callow, a threat analyst and ransomwares expert at Emsisoft malware lab, said:
„While public and private sector entities in the United States, Europe and Australasia are the most common targets of ransomware groups, entities in other countries are often targeted as well. And because ransomware attacks are now data breaches, the risks associated with these incidents are greater than ever, both for the targeted organizations and their customers and business partners.
Callow adds that companies can minimize the likelihood of being successfully attacked by „adhering to security best practices, locking down RDP, using multifactorial authentication wherever it can be used, turning off PowerShell when not needed, and so on.
In early June, Cointelegraph reported that Michigan State University had been attacked by the ransomwares gang NetWalker, which threatened to leak student records and financial documents. At the time, university officials said they would not pay the ransom.