{"id":9163,"date":"2020-06-30T17:27:53","date_gmt":"2020-06-30T14:27:53","guid":{"rendered":"https:\/\/forklog.media\/?p=9163"},"modified":"2020-06-30T21:14:17","modified_gmt":"2020-06-30T18:14:17","slug":"u-s-university-pays-over-1m-ransom-in-bitcoin-to-hackers-to-regain-access-to-encrypted-data","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/u-s-university-pays-over-1m-ransom-in-bitcoin-to-hackers-to-regain-access-to-encrypted-data\/","title":{"rendered":"U.S. University Pays Over $1M Ransom in Bitcoin to Hackers to Regain Access to Encrypted Data"},"content":{"rendered":"<p>On June 1, the University of California San Francisco (UCSF) <a href=\"https:\/\/www.ucsf.edu\/news\/2020\/06\/417861\/ucsf-update-it-security-incident\">detected<\/a> and subsequently stopped a cyber-attack in which threat actors obtained access to part of the School of Medicine\u2019s IT infrastructure. As part of the attack, the hackers encrypted a number of servers, making them temporarily inaccessible.<\/p>\n<p>According to a June 26 <a href=\"https:\/\/www.ucsf.edu\/news\/2020\/06\/417911\/update-it-security-incident-ucsf\">announcement<\/a>, the attack was most likely opportunistic, with no particular areas being targeted. The university stated that no patient medical records or COVID-19 work were exposed. However, the cybercriminals obtained some data \u201cas proof of their action\u201d to use in their demand for a ransom payment. The announcement continued:<\/p>\n<blockquote><p><b><i>\u201cThe data that was encrypted is important to some of the academic work we pursue as a university serving the public good. 
We, therefore, made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.\u201d<\/i><\/b><\/p><\/blockquote>\n<p>Following the incident, the university initiated an investigation into the event in cooperation with the Federal Bureau of Investigation and cyber-security experts. UCSF expects to reinforce its IT systems\u2019 defense and fully restore the affected servers soon.<\/p>\n<h2>Ransom Negotiations on the Darknet<\/h2>\n<p>As the BBC <a href=\"https:\/\/www.bbc.com\/news\/technology-53214783\">reported<\/a> on June 29, UCSF was attacked by the NetWalker ransomware gang, which has been actively targeting the healthcare industry during the coronavirus outbreak. The anonymous source cited by the BBC witnessed the negotiations between NetWalker operators and UCSF in a live chat on the darknet.<\/p>\n<p>Given that UCSF is a <a href=\"https:\/\/www.ucsf.edu\/about\/ucsf-budget\">multi-billion dollar enterprise<\/a>, the hackers first demanded a ransom of no less than $3 million; a university representative, however, begged them to accept $780,000. The NetWalker operator reportedly responded:<\/p>\n<blockquote><p><b><i>\u201cHow can I accept $780,000? Is like, I worked for nothing. You can collect money in a couple of hours. You need to take is seriously. If we\u2019ll release our blog, student records\/ data, I am 100% sure you will lose more than our price what we asked. We can agree to an price, but not like this, because I\u2019ll take this like an insult.\u201d<\/i><\/b><\/p><\/blockquote>\n<p>Eventually, the parties agreed on a ransom of $1,140,895. 
The university transferred 116.4 Bitcoins to NetWalker\u2019s digital wallets, while the hackers sent the decryption software to UCSF.<\/p>\n<p>As forklog.media reported on June 29, the FBI <a href=\"https:\/\/forklog.com\/en\/fbi-names-six-u-s-states-most-vulnerable-to-online-attacks\/\">named<\/a> California, Florida, New York, Ohio, Texas, and Washington as the states most vulnerable to Internet crimes, with the highest victim monetary losses or number of victims in 2019. California led the ranking in terms of the volume of victim losses.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On June 1, the University of California San Francisco (UCSF) detected and subsequently stopped a cyber-attack in which threat actors obtained access to part of the School of Medicine\u2019s IT infrastructure. 
As part of the attack, the hackers encrypted a number of servers, making them temporarily inaccessible.<\/p>\n","protected":false},"author":6,"featured_media":9165,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"human_written","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[18,44,43],"class_list":["post-9163","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-bitcoin","tag-cybercrime","tag-hackers"],"aioseo_notices":[],"amp_enabled":true,"views":"1330","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=9163"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9163\/revisions"}],"predecessor-version":[{"id":9166,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/9163\/revisions\/9166"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/9165"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=9163"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=9163"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=9163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}