
Hackers used ransomware to extort $1.4m via UCSF networks

Hackers successfully extorted $1.14 million from the University of California San Francisco after breaching its internal networks with ransomware.

The attack was organized by the Netwalker gang, a hacker group that uses ransomware of the same name and that gained access to UCSF’s protected files in early June.

After extended negotiation with the hackers, UCSF management agreed to pay the hackers 116.4 bitcoins, or $1,140,895, in exchange for their files being returned.

The FBI is currently investigating the attack, and UCSF management have not disclosed how the hackers introduced the ransomware to their network nor described what specific files were affected.

‘The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,’ a UCSF spokesperson told the BBC.

‘We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.’

The Netwalker gang has previously attacked a number of other institutions with ransomware, including parts of a local Austrian city government network, Michigan State University servers, and the Champaign-Urbana Public Health District in Illinois, among several others.

Once installed on a computer, ransomware uses a private encryption program to lock a user out of their own files, then demands a fee in exchange for the return of the files.

In the UCSF hack, the Netwalker gang programmed a fake customer service page that offered to sell a decrypter program that would return the files while a built-in timer counted down.

The page said that the price of the decrypter program would double every time the timer reached zero.

A negotiator representing UCSF communicated with a Netwalker hacker through a chat window connected to this order form, and a live log of their chats was broadcast on the dark web.

In the chat, the hackers claimed UCSF made ‘4-5 billions per year’ and demanded $3 million to release the locked files.

The UCSF negotiator offered $780,000, and after several hours of back and forth, they reached a compromise of $1.14 million.

Cybersecurity experts have suggested the recent widespread shift to remote working has left a number of organizations newly vulnerable to hackers.

According to Bill Conner of the cybersecurity firm SonicWall, the combination of remote internet connections and less secure personal computers has introduced several new openings that could be targeted.

‘In most cases, these are not brand new exploits, [hackers] are not creating new malware,’ Conner told the San Jose Mercury News. ‘They’re just attacking more vulnerable areas.’

‘There’s more easy access from home than there was in a building, because you have multiple layers of security in your office.’
