As per CBS San Francisco, the UCSF IT staff initially identified the security breach and detailed that the attack, initiated by NetWalker group, impacted “a limited number of servers in the School of Medicine.”
Even though necessary demarcation has been done by professionals on the internal network, the hackers have made the servers inaccessible and succeeded in installing the ransomware in a successful manner. In this regard, a statement published by the University of California said:
“The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. […] We, therefore, made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”
BBC News disclosed that a surreptitious discussion between the UCSF executives and the team happened, but did not succeed. University’s officials initially demanded a reduction in ransom amount to $780,000, but hackers turned down the offer and pointed out that the work they had done is not that cheap.
Netwalker later informed that they will not be able to accept anything less than $1.50 million and “everyone will sleep well.” After few hours, the UCSF staff asked them to send payment details, while giving a final offer of $1,140,895. The hackers accepted the offered amount.
The University staff then went forward to remit 116.40 Bitcoin (BTC) a day after the wallet address provided by hackers and got the decryption software in return.
Brett Callow, a cybersecurity and ransomware professional at malware lab Emsisoft, stated:
“While public and private sector entities in the U.S., Europe and Australasia are the most common targets for ransomware groups, entities in other countries are frequently targeted too. And as ransomware attacks are now data breaches, the risks associated with these incidents are greater than ever — both to the targeted organizations and to their customers and business partners.”
Callows further stated that companies can lessen the possibility of getting hacked by “adhering to security best practices — locking down RDP, using multi-factor authentication everywhere it can be used, disabling PowerShell when not needed, etc.”
Earlier this month, NetWalker ransomware group was able to breach Michigan State University in a triumphant manner.
The team also intimidated students by saying that they would divulge critical documents, including those related to finance. On their part, university officials refused pay the ransom.