UPDATED 22:35 EDT / JUNE 29 2020


UC San Francisco pays $1.14M to hackers following ransomware attack

The University of California at San Francisco has become the latest organization to cave in to the hackers behind a cyberattack, paying a $1.14 million ransom following a “security incident” earlier this month.

While somewhat vague on the details of the attack, to the point of never once using the term ransomware, the university said Friday that the incident involved computer systems in its School of Medicine being infected June 1. UCSF then described the attackers launching “malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible.”

Those behind the attack stole data that they then used as proof of their attack to demand a ransom payment. UCSF claimed that no patient medical records were exposed, but some of the data encrypted in the attack included important academic work. That prompted the university to pay $1.14 million, a portion of the demanded ransom, in exchange for a tool to unlock the encrypted data.

UCSF is not the first organization to pay up following a ransomware attack; some make that choice because paying is deemed easier than trying to recover encrypted data. The problem with paying a ransom demand, however, is that it encourages cybercriminals to target even more companies and groups, since they know that in some cases victims will pay up.

“Criminals continue to focus ransomware on targets they can pressure to pay, including hospitals, healthcare, cities/municipalities and schools, especially higher education institutions and those involved in research,” Marcus Fowler, director of strategic threat at cyber security firm Darktrace Ltd., told SiliconANGLE. “Research data and information is difficult, if not impossible, to replace depending on the experiments and data collected. This makes it valuable to cybercriminals and also critical to defend.”

Referring to a BBC article that walked through how the attackers pressured the university to pay, including a public declaration and the release of data, Fowler added that “the visual of ‘staff running around unplugging machines to prevent the spread’ gives a good sense of the speed with which the attack occurs. The security teams defaulted to the most immediate and dramatic response – physically unplugging machines.”

Ilia Kolochenko, founder & chief executive officer of web security company ImmuniWeb, noted that public schools frequently save money on cybersecurity, trying to invest budgets into apparently more appealing areas to deliver more value for students and society.

“Unfortunately, the road to hell is paved with good intentions and unscrupulous attackers readily exploit any inadequate resilience and unpreparedness to extort money,” Kolochenko said. “COVID-19 largely exacerbates the situation with the surge of shadow IT, abandoned servers and unprotected applications serving as an easy entry point into disrupted organizations. We will likely see a steady growth of ransomware hacking campaigns targeting the public sector in 2020.”

