BreachExchange mailing list archives
University of California SF pays ransomware hackers $1.14 million to salvage research
From: Destry Winant <destry () riskbasedsecurity com>
Date: Wed, 1 Jul 2020 09:32:32 -0500
https://www.zdnet.com/article/university-of-california-sf-pays-ransomware-hackers-1-14-million-to-salvage-research/

The University of California at San Francisco (UCSF) has admitted to paying a partial ransom demand of $1.14 million to recover files locked down by a ransomware infection.

The university was struck on June 1, where malware was found in the UCSF School of Medicine's IT systems. Administrators quickly attempted to isolate the infection and ringfence a number of systems that prevented the ransomware from traveling to the core UCSF network and causing further damage.

While the school says the cyberattack did not affect "our patient care delivery operations, overall campus network, or COVID-19 work," UCSF servers used by the school of medicine were encrypted.

Ransomware can be particularly destructive as once a system is compromised, content is encrypted and rendered inaccessible. Victims are then faced with a choice: potentially lose their files, or pay a ransom demand. Cyberattackers will often include a time limit for a decision to be made to ramp up the pressure to pay.

As shown in this case, blackmail demands can reach millions of dollars.

"The attackers obtained some data as proof of their action, to use in their demand for a ransom payment," the university said in a statement. "We are continuing our investigation, but we do not currently believe patient medical records were exposed."

It is not recommended that victims bow to ransom demands, as this furthers criminal enterprises.
However, UCSF said it took the "difficult decision to pay some portion of the ransom" as some of the information stored on the servers is "important to some of the academic work we pursue as a university serving the public good."

The Netwalker gang is believed to be responsible. The BBC was able to follow the negotiation, made in the Dark Web, between Netwalker and the university.

The threat actors first demanded $3 million which was countered by the UCSF with a $780,000 offer, together with a plea that the novel coronavirus pandemic had been "financially devastating" to the academic institution.

This offer, however, was dismissed, and a back-and-forth eventually led to the agreed figure of $1,140,895, made in Bitcoin (BTC). In return for payment, the threat actors provided a decryption tool and said they would delete data stolen from the servers.

SophosLabs says the Netwalker toolkit is extensive and includes the Netwalker, Zeppelin, and Smaug ransomware, Windows-based reconnaissance tools, and brute-force credential software. The researchers say this group tends to focus on large organizations rather than individual targets.

In past attacks, Netwalker has targeted systems through well-known and public vulnerabilities or via credential stuffing on machines with remote desktop services enabled.

UCSF pulled in cybersecurity consultants to investigate the incident and is currently working with the FBI. At the time of writing, servers are still down.

"We continue to cooperate with law enforcement, and we appreciate everyone's understanding that we are limited in what we can share while we continue with our investigation," the university added.

_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com
If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange