A ransom of $1.14m had to be paid to hackers by one of the world’s leading medical-research institution working on a treatment for Covid-19, the institute has admitted, reported BBC News.
The University of California San Francisco (UCSF) was attached by the Netwalker criminal gang on 1st June of this year.
In order to prevent the malware from spreading, computers at the institution had to be unplugged by its IT staff. The BBC was able to follow the ransom negotiations in a live chat on the dark web after being tipped off by an anonymous source.
Despite the advice of law-enforcement agencies, including the FBI, Europol and the UK's National Cyber Security Centre, such types of negotiations are now taking place all over the world and often the negotiated amounts are even larger, say cyber-security experts.
Over the past two months, the Netwalker hacking gang has also been linked to at least two other ransomware attacks on universities.
According to the BBC, the dark-web homepage of the hacking gang appears to be a standard customer-service website at first glance and contains a frequently asked questions (FAQ) tab, an offer of a "free" sample of its software and a live-chat option.
However the web site also contains a countdown timer that keeps ticking down to a negotiated time the ransom demanded by the hackers is either doubled or they delete the data and information for the targets that they had amassed through their hacking efforts.
UCSF was directed by the gang to log in by either using email or a ransom note that was left on hacked computer screens of the institution and the following message was left with UCSF which was posted on 5 June.
However the university asked the hackers for more time six hours after the ransom note was sent to them and also requested the hackers to remove the hacking news of the university in the public blog of from Netwalker.
The hackers then demanded $3m, arguing that the UCSF made billions every year.
But the representative of the university who was negotiating with the hackers and who could have been an external specialist negotiator, according to the BBC report, explained how the novel coronavirus pandemic had been "financially devastating" for the university and requested the hackers to accept a sum of $780,000.
A day into the negotiations, the UCSF finally said that they could only manager to make a ransom payment of $1.02m. The hackers refused to go down below $1.5m. Sometime later, the university informed that all it could finally manage was a sum of $1,140,895 for the hackers. 116.4 bitcoins were transferred to Netwalker's electronic wallets the next day and a decryption software was sent to UCSF.
While working to restore all affected systems, UCSF is now assisting the FBI with its investigations.
"The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained. It would be a mistake to assume that all of the statements and claims made in the negotiations are factually accurate," UCSF told BBC News.
(Source:www.bbc.com)
The University of California San Francisco (UCSF) was attached by the Netwalker criminal gang on 1st June of this year.
In order to prevent the malware from spreading, computers at the institution had to be unplugged by its IT staff. The BBC was able to follow the ransom negotiations in a live chat on the dark web after being tipped off by an anonymous source.
Despite the advice of law-enforcement agencies, including the FBI, Europol and the UK's National Cyber Security Centre, such types of negotiations are now taking place all over the world and often the negotiated amounts are even larger, say cyber-security experts.
Over the past two months, the Netwalker hacking gang has also been linked to at least two other ransomware attacks on universities.
According to the BBC, the dark-web homepage of the hacking gang appears to be a standard customer-service website at first glance and contains a frequently asked questions (FAQ) tab, an offer of a "free" sample of its software and a live-chat option.
However the web site also contains a countdown timer that keeps ticking down to a negotiated time the ransom demanded by the hackers is either doubled or they delete the data and information for the targets that they had amassed through their hacking efforts.
UCSF was directed by the gang to log in by either using email or a ransom note that was left on hacked computer screens of the institution and the following message was left with UCSF which was posted on 5 June.
However the university asked the hackers for more time six hours after the ransom note was sent to them and also requested the hackers to remove the hacking news of the university in the public blog of from Netwalker.
The hackers then demanded $3m, arguing that the UCSF made billions every year.
But the representative of the university who was negotiating with the hackers and who could have been an external specialist negotiator, according to the BBC report, explained how the novel coronavirus pandemic had been "financially devastating" for the university and requested the hackers to accept a sum of $780,000.
A day into the negotiations, the UCSF finally said that they could only manager to make a ransom payment of $1.02m. The hackers refused to go down below $1.5m. Sometime later, the university informed that all it could finally manage was a sum of $1,140,895 for the hackers. 116.4 bitcoins were transferred to Netwalker's electronic wallets the next day and a decryption software was sent to UCSF.
While working to restore all affected systems, UCSF is now assisting the FBI with its investigations.
"The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained. It would be a mistake to assume that all of the statements and claims made in the negotiations are factually accurate," UCSF told BBC News.
(Source:www.bbc.com)
Homepage
Send to a friend
Printable version
Share
