
The University of California in San Francisco (UCSF)

Company


History

2020: Payment of a $1 million ransom after a ransomware attack

At the beginning of July 2020, the University of California in San Francisco (UCSF) paid a ransom of $1.14 million to recover important academic files that had been locked by ransomware.

The attack on the university took place on June 1, when malware was detected in the IT systems of the UCSF School of Medicine. Administrators quickly isolated the infection and kept the malware from spreading to the main UCSF network. The medical school states that the cyber attack did not interfere "with delivery of health care to patients, did not influence the general network of a campus or work against COVID-19"; however, the UCSF servers used by the school were encrypted.

The University of California paid a $1 million ransom after a ransomware attack

Victims are advised not to pay the ransom, since paying encourages attackers to carry out new attacks. Nevertheless, UCSF made "the difficult decision to pay a part of the ransom" because the encrypted information "was necessary for continuation of scientific work which the university performs for public benefit".

The Netwalker hacker group is believed to be responsible for the cyber attack. The attackers initially demanded $3 million, but UCSF replied that it could not pay that amount because the pandemic had hit the organization's finances hard. In the end the university paid $1,140,895 in bitcoins (BTC). In exchange, the hackers provided a decryption tool and said they would delete the data stolen from the servers.

Researchers say that the Netwalker group typically attacks large organizations, exploiting publicly known system vulnerabilities or remote desktop services that were left enabled. UCSF brought in cyber security consultants to investigate the incident and is working with the FBI. The university states that confidential patient information was not affected, but the servers are not yet back in operation.[1]

Notes