Ransomware hackers fleeced $1.14 million out of top medical school


A leading U.S. medical school and research university has been forced to pay $1.14 million to cybercrooks after falling victim to a ransomware attack.

The Netwalker ransomware attack on June 1 targeted the University of California, San Francisco, and resulted in servers at the UCSF School of Medicine being encrypted by hackers. 

Although the university’s IT department identified and mitigated the attack, it was unable to stop the hackers encrypting a number of files. The school therefore paid the ransom fee to decrypt the files. 

In a post on the university's website (and reported by the BBC) on June 26, UCSF administrators wrote: “While we stopped the attack as it was occurring, the actors launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible. 

“Since that time, we have been working with a leading cybersecurity consultant and other outside experts to investigate the incident and reinforce our IT systems’ defenses. We expect to fully restore the affected servers soon.”

UCSF has separate medical, dental, nursing and pharmacy schools, as well as research facilities and a teaching hospital, all in San Francisco. It is the health-sciences branch of the University of California system and does not teach undergraduates.

'Opportunistic' attack

The graduate institution said the encrypted data was “important to some of the academic work we pursue as a university serving the public good”, and as a result, the school felt it had no choice but to pay the sum. 

The school's posting went on to say that it “made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”

While the investigation is still underway, UCSF said that the “malware encrypted our servers opportunistically” and that “no particular area” was a target for the ransomware attack. 

The university added: “The attackers obtained some data as proof of their action, to use in their demand for a ransom payment. We are continuing our investigation, but we do not currently believe patient medical records were exposed.

“We continue to cooperate with law enforcement, and we appreciate everyone’s understanding that we are limited in what we can share while we continue with our investigation.”

The BBC was privy to the university's online negotiations with the criminals, who demanded $3 million at one point because the University of California "made billions a year."

In fact, the entire University of California system is non-profit and is partly funded by state taxpayers. The two sides eventually settled for $1.14 million, paid in bitcoin.


Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!
