
University of California San Francisco pays ransomware gang $1.14m as BBC publishes ‘dark web negotiations’


A California university which is dedicated solely to public health research has paid a $1.14m ransom to a criminal gang in the hopes of regaining access to its data.

The University of California San Francisco (UCSF) paid out in the apparently successful hope that the Netwalker group would send it a decryption utility for its illicitly encrypted files, which it referred to as “data … important to some of the academic work we pursue as a university serving the public good”.

A negotiator acting on behalf of UCSF was said to have opened the bidding for the decryptor at $780,000, according to the BBC, which claimed that an “anonymous tipoff” allowed it to “follow the ransom negotiations in a live chat on the dark web”.

UCSF said miscreants had “encrypted a limited number of servers within the School of Medicine” on 1 June, and said on Friday that it was working with outside experts to “fully restore the affected servers”. While the university is carrying out research on COVID-19, it said in a public statement that the attack did not affect that work.

It also noted that patient medical records and patient care were not affected – the university has a teaching hospital attached, the San Francisco Medical Center.

Infosec researcher Brett Callow of threat intel biz Emsisoft told The Register that Netwalker is one of the gangs that did not join a previous underworld declaration by more “ethical” criminals who promised to avoid attacking institutions fighting the coronavirus pandemic.

Britain’s state-owned broadcaster also published what it said were extracts of live chat messages posted by the criminals as they negotiated with UCSF over the ransom. Using news media attention as a means of increasing pressure on victims to pay up is an increasingly popular tactic among ransomware gangs.

Some have even established clearnet and darknet blogs where they post snippets of leaked data and rant about uncooperative victims, in the hope of attracting journalists’ attention and headlines that put the spotlight on victims and pressure others into paying.

British government advice, increasingly echoed around the world, is not to pay ransoms. There’s no guarantee that criminals will stick by their word and, indeed, there is every incentive for them to score a payout from desperate victims and then auction off stolen data regardless of promises not to do so. Putting your users through security awareness training also helps avoid the installation of ransomware.

With thanks to the Register. The full story is here:
