Officials at the University of California, San Francisco (UCSF) have announced that they have paid cybercriminals about $1 million to recover data encrypted during a ransomware attack earlier this month.UCSF is one of the leading centers of the world in the fields of medical research, dentistry, patient care and medical education.
The incident occurred on June 1, 2020, and the university fell victim to the NetWalker ransomware: malware operators announced a hack on their website on darknet, posting as evidence some stolen files.
UCSF representatives claim that they were able to restrain the spread of the malware soon after its discovery, although the attack still affected some systems.
So, according to official data, the School of Medicine’s network was isolated to prevent the development of an attack (some of the servers were still encrypted), and the main USCF network was not affected. As a result, the incident did not affect the provision of medical care to patients, the COVID-19 study, and did not affect the campus network.
“We quarantined several IT systems within the School of Medicine as a safety measure, and we successfully isolated the incident from the core UCSF network. Importantly, this incident did not affect our patient care delivery operations, overall campus network, or COVID-19 work. While we stopped the attack as it was occurring, the actors launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible”, — told UCSF representatives.
Although the investigation of the incident has not yet been completed, it is currently believed that the medical records of the patients also did not fall into the hands of third parties.
Recall that also Maze operators attacked medical company, which is testing vaccine for COVID-19.
University experts believe that the attackers did not target specific servers, but encrypted the data that they could reach.” It is expected that the servers affected by the attack will fully return to work in the nearest future.
UCSF representatives note that the data encrypted during the attack was part of a socially important research. Because of the value of this information, management has decided to pay the attackers “some portion of the ransom, approximately $1.14 million”, for a tool to decrypt the data.
According to the BBC, the negotiator, acting on behalf of the UCSF, bargained with hackers for a long time, and first offered to pay them $780,000.
“This incident reflects the growing use of malware by cyber-criminals around the world seeking monetary gain, including several recent attacks on institutions of higher education. We continue to cooperate with law enforcement, and we appreciate everyone’s understanding that we are limited in what we can share while we continue with our investigation”, — said UCSF representatives.
Recall that also the UK National Cyber Security Center (NCSC) reported that cybercriminals attack the developers of a vaccine against coronavirus infection (COVID-19).
User Review( votes)