The University admitted it paid the ransom because the hackers encrypted certain servers.

The University of California San Francisco said in a notice last Friday that it paid $1.14 million, a “portion” of a demanded ransom, to hackers who installed malware and encrypted its servers. The hacker attack, which the University describes as a “security incident,” took place in the UCSF School of Medicine’s IT environment on June 1. (UCSF)

UCSF ransomware attack

The University was able to segregate the core UCSF network from the incident and quarantined several of its systems in the School of Medicine. Even as the University was taking remedial measures, the bad actors were able to install malware onto a few servers and render them inaccessible.

The university said the attack was precipitated “opportunistically,” with no particular area being targeted. It confirmed that the incident did not damage the continuity of its patient care delivery operations, nor its COVID-19 work. Further, the overall campus network remained safe and patient records were not exposed.

However, the University admitted that the hackers obtained some data as proof of their action, to use in their demand for a ransom payment.

Encrypted data

“The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,” the UCSF said. “We, therefore, made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”

The UCSF said it was working with various cybersecurity consultants and experts to “investigate the incident and reinforce our IT systems defenses,” and that it expected to fully restore the infected servers soon.

The University did not disclose the manner of payment of the ransom.

BBC’s expose

The BBC, however, laid bare the details of the negotiation and ransom payment in an article on Monday. It said it received an anonymous tip-off that allowed it to track the discussions in a live chat on the dark web.

The criminals responsible for the attack on UCSF on June 1 were the notorious Netwalker gang, according to the BBC. The gang has previously attacked two other universities over the past couple of months.

The hackers reportedly started with the demand of $ 3 million, which the UCSF negotiated down to $1,140,895.

The next day the UCSF transferred 116.4 bitcoins to Netwalker’s electronic wallets and received the decryption software in return.

Related Story:     Aussie Beer Manufacturer Lion on the Hook for $800K in Ransomware Demand