The University of California at San Francisco (UCSF) School of Medicine has paid hackers $1.14 million so the school could regain access to data that had been encrypted by ransomware.
UCSF networks were attacked by Netwalker ransomware on June 1, and the attack was detected on June 3.
“The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,” UCSF said in a statement. “We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”
Fortunately, the incident didn’t affect patient care, the overall campus network or COVID-19 work, according to school officials.
“While we stopped the attack as it was occurring, the actors launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible,” said the school in its statement. “Since that time, we have been working with a leading cyber-security consultant and other outside experts to investigate the incident and reinforce our IT systems’ defenses. We expect to fully restore the affected servers soon.”
The hackers originally demanded $3 million, but the payment was negotiated down by a school representative, reports the BBC, which followed the ransom negotiations in a live chat on the dark web. Although law enforcement agencies discourage negotiating with hackers, cybersecurity experts say these types of negotiations are currently occurring all over the world.
Some ransomware gangs have vowed not to strike healthcare during the coronavirus pandemic, but the Netwalker gang is not one of them. In May, the Netwalker ransomware gang attacked Michigan State University.
On March 10, the Champaign-Urbana Public Health District in Illinois announced its website was taken down by a ransomware attack, making it difficult to distribute accurate information on the pandemic. The website was down for three days until the district paid the $300,000 ransom, according to The Union Leader.
Researchers have also found hackers are increasingly targeting university students and staff members through phishing emails during the coronavirus crisis. In April, a ransomware attack shut down the servers of Illinois Valley Community College.