UC San Francisco pays $1.14M to hackers following ransomware attack
The University of California at San Francisco has become the latest organization to cave in to hackers behind a cyberattack, paying a $1.14 million ransom following a “security incident” earlier this month.
While somewhat vague on the details of the attack, such as never once using the term ransomware, the university said Friday that the incident involved computer systems in its School of Medicine being infected June 1. UCSF then described the attackers launching “malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible.”
Those behind the attack stole data that they then used as proof of their attack to demand a ransom payment. UCSF claimed that no patient medical records were exposed, but some of the data encrypted in the attack included important academic work. That prompted the university to pay $1.14 million, a portion of the demanded ransom, in exchange for a tool to unlock the encrypted data.
UCSF is not the first organization to pay up following a ransomware attack; some choose to pay because it’s deemed easier than trying to recover encrypted data. The problem with paying a ransom demand, however, is that it encourages cybercriminals to target even more companies and groups, since they know that in some cases victims will pay up.
“Criminals continue to focus ransomware on targets they can pressure to pay, including hospitals, healthcare, cities/municipalities and schools, especially higher education institutions and those involved in research,” Marcus Fowler, director of strategic threat at cyber security firm Darktrace Ltd., told SiliconANGLE. “Research data and information is difficult, if not impossible, to replace depending on the experiments and data collected. This makes it valuable to cybercriminals and also critical to defend.”
Referring to a BBC article that walked through how the attackers pressured the university to pay, including a public declaration and the release of data, Fowler added that “the visual of ‘staff running around unplugging machines to prevent the spread’ gives a good sense of the speed with which the attack occurs. The security teams defaulted to the most immediate and dramatic response – physically unplugging machines.”
Ilia Kolochenko, founder & chief executive officer of web security company ImmuniWeb, noted that public schools frequently save money on cybersecurity, trying to invest budgets into apparently more appealing areas to deliver more value for students and society.
“Unfortunately, the road to hell is paved with good intentions and unscrupulous attackers readily exploit any inadequate resilience and unpreparedness to extort money,” Kolochenko said. “COVID-19 largely exacerbates the situation with the surge of shadow IT, abandoned servers and unprotected applications serving as an easy entry point into disrupted organizations. We will likely see a steady growth of ransomware hacking campaigns targeting the public sector in 2020.”