The University of California, San Francisco (UCSF) ponied up $1.4 million to hackers to retrieve data encrypted during a NetWalker ransomware attack disclosed in early June.
“The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,” according to a statement from UCSF, which said the university was able to stop the hackers in mid-attack and that it only affected a “limited number of servers” in the School of Medicine. “We therefore made the difficult decision to pay some portion of the ransom.”
The university said it quarantined several systems and isolated the incident from UCSF’s core network, explaining that the attack didn’t affect patient care delivery or its work on COVID-19.
Noting that “the disclosed technical details of the attack are obscure and insufficient to derive definitive conclusions about the origins and nature of this exorbitant incident,” ImmuniWeb Founder and CEO Ilia Kolochenko said given the use of the well-known NetWalker malware, “we may, however, assume that the attack exploited a lack of IT asset visibility, improperly implemented security monitoring or patch management.”
Kolochenko said, “Public schools frequently save money on cybersecurity, trying to invest budgets into apparently more appealing areas to deliver more value for students and society,” leaving them vulnerable to exploitation by “unscrupulous attackers” waiting to pounce. “Covid-19 largely exacerbates the situation with the surge of shadow IT, abandoned servers and unprotected applications serving as an easy entry point into disrupted organizations,” he said. “Cryptocurrencies turn cyber extortion and racketeering into a highly profitable and riskless business given that in most cases the attackers are technically untraceable and thus enjoy impunity.”