The University of California Paid Over $1 Million to Cybercriminals Who Stole Sensitive Data

IBL News | New York

The University of California San Francisco (UCSF) admitted that it paid a ransom of $1.14 million to cybercriminals who threatened to release sensitive data stolen from UCSF School of Medicine.

“We made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained,” the institution said on a recent news release. “The data that was encrypted is important to some of the academic work we pursue as a university serving the public good.”

This attack reflects the growing use of malware–specifically, a software called Netwalker– by international hackers seeking monetary gain from U.S. universities.

Michigan State University and Columbia College Chicago were also affected. Michigan State announced last month that it decided not to pay the ransom.

The hackers initially demanded $3 million to UCSF. The ransom amount was settled on 116.4 Bitcoin ($1.14 million). A BBC Newes reporter, Joe Tidy, acceded the live chat room where UCSF negotiated with the cybercriminals and posted the terms of extortion.

Europol advised victims not to pay the ransom, as this finances criminals and encourages them to continue their illegal activities. “Instead, they should report it to the police so law enforcement can disrupt the criminal enterprise.”