UCSF pays $1 million ransom to hackers to recover medical school data


Malware attacks on prominent companies and institutions are nothing new. But experts say the switch to working from home amid the COVID-19 pandemic may be making it easier for hackers to find a way to break in.

The University of California, San Francisco paid a $1.14 million ransom to hackers in June to recover data from its medical school that had been encrypted in a cyber attack, the university announced Friday. The attack was the third in a series of recent cyber attacks carried out against universities.

The prestigious medical school is among several universities that have been hit by ransomware in recent months. Netwalker, the ransomware responsible for the UCSF hack, was used to carry out similar attacks against Michigan State University and Columbia College, Chicago, in late May and early June. Michigan State chose not to pay its ransom on the advice of the police, which resulted in financial documents and personal information from the university being published online.

Carolyn Crandall, chief deception officer for the computer security service Attivo Networks, said the shift to remote work amid COVID-19 has made companies more vulnerable to cyber attacks. New weaknesses, such as the use of personal computers at home and the cost of protecting remote connections to sensitive devices and corporate servers, have only made it easier for hackers to infiltrate targets. A Twitter search reveals numerous additional organizations that were allegedly targeted by Netwalker, from a Long Beach country club to a health care provider in Philadelphia.

Crandall said Attivo has seen an increase in ransomware attacks in recent months among its clients that it fears could eventually lead to further high-profile breaches.

“I hope I’m wrong, that the shoe is not about to fall off, but I’m afraid that given what we know as security professionals, there is definitely a greater risk,” she said.

The hackers attacked UCSF on June 1 with malware that encrypted data on some of the School of Medicine's servers, leaving them inaccessible. The hackers demanded a ransom payment to release the data, a demand that UCSF reluctantly met on June 6 after a day of negotiating on a dark web site.

“The encrypted data is important to some of the academic work we do as a university serving the public good,” the university wrote in a press release. “Therefore, we made the difficult decision to pay a portion of the ransom, approximately $1.14 million, to the people behind the malware attack in exchange for a tool to unlock the encrypted data and return the data they obtained.”

According to UCSF, the incident did not affect patient care delivery operations or the COVID-19 investigation. The university is working with a “leading cyber security expert” to investigate the attack and hopes to be able to restore the affected data soon.

Crandall said companies are generally advised not to pay ransoms if they are hit by ransomware.

“Inherently, (paying) does not guarantee the return of the data or that the decryptor (to recover files) will work,” Crandall said. “And there is always a chance that, even if you pay the first time, they can come back and hit you again.”
