Ransomware hackers fleeced $1.14 million out of top medical school

A leading U.S. medical school and research university has been forced to pay $1.14 million to cybercrooks after falling victim to a ransomware attack.

The Netwalker ransomware attack on June 1 targeted the University of California, San Francisco, and resulted in servers at the UCSF School of Medicine being encrypted by hackers. 

Although the university’s IT department identified and mitigated the attack, it was unable to stop the hackers encrypting a number of files. The school therefore paid the ransom fee to decrypt the files. 

In a post on the university's website (and reported by the BBC) on June 26, UCSF administrators wrote: “While we stopped the attack as it was occurring, the actors launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible. 

“Since that time, we have been working with a leading cybersecurity consultant and other outside experts to investigate the incident and reinforce our IT systems’ defenses. We expect to fully restore the affected servers soon.”

UCSF has separate medical, dental, nursing and pharmacy schools, as well as research facilities and a teaching hospital, all in San Francisco. It is the health-sciences branch of the University of California system and does not teach undergraduates.

'Opportunistic' attack

The graduate institution said the encrypted data was “important to some of the academic work we pursue as a university serving the public good”, and as a result, the school felt it had no choice but to pay the sum. 

The school's posting went on to say that it “made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”

While the investigation is still underway, UCSF said that the “malware encrypted our servers opportunistically” and that “no particular area” was a target for the ransomware attack. 

The university added: “The attackers obtained some data as proof of their action, to use in their demand for a ransom payment. We are continuing our investigation, but we do not currently believe patient medical records were exposed.

“We continue to cooperate with law enforcement, and we appreciate everyone’s understanding that we are limited in what we can share while we continue with our investigation.”

The BBC was privy to the university's online negotiations with the criminals, who demanded $3 million at one point because the University of California "made billions a year."

In fact, the entire University of California system is non-profit and is partly funded by state taxpayers. The two sides eventually settled for $1.14 million, paid in bitcoin.

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!