Ransomware can be annoying, expensive, destructive, and so many more negative adjectives and emotions, but if caught between a rock and a hard place (your research was encrypted), would you pay to get it back?
UCSF “has admitted to paying a partial ransom demand of $1.14 million to recover files locked down by a ransomware infection.”
On June 1st, malware was found in the IT systems at UCSF’s Medical School. Because the infection was isolated to prevent further damage and keep it from spreading to UCSF’s core network, only the servers used by the medical program had been encrypted. Any data stored on those machines, however, was now inaccessible.
So, what’s next? After discovering an attack and severing the damaged leg of your operation, how do you quickly re-attach it? Most don’t, choosing instead to stand up against ransom demands that further criminal enterprises. If you keep a detailed and continuously restored backup of your data, though, you’re in luck, and the dollar signs looming ominously overhead disappear. But that wasn’t the case for UCSF.
The university states, “the attackers obtained some data as proof of their action, to use in their demand for a ransom payment,” and they made the painful decision to pay “a portion” of the ransom. UCSF’s reasoning was that the data is “important to some of the academic work we pursue as a university serving the public good.”
The ransomware group, now $1.14 million richer, is the ‘Netwalker’ gang.
The BBC closely followed the interaction between Netwalker and UCSF through the Dark Web. The first ransom demand was $3 million, which the university countered at $780,000, explaining that COVID-19 has already been “financially devastating” this year.
The final offer made and accepted was in Bitcoin (BTC) in the amount of $1,140,895. Ouch.
In exchange for the outrageous sum, the university received decryption keys and Netwalker agreed to delete any stolen data. We can only hope they follow through…
UCSF is working with the FBI to investigate the incident, and their servers are still down, costing them even more on top of the bitcoin they sent for ransom. It is another expensive lesson, one we can only hope universities across the world learn from by increasing their cybersecurity measures so they can avoid the same fate.
-Emmy Seigler