California's Top Medical Research University Pays Ransomware Actors
The University of California, San Francisco (USCF) has paid a ransomware demand of more than $1.4m. A "limited number of servers" at the public health research facility were encrypted by Netwalker ransomware. UCSF disclosed the incident on June 3. BBC News was able to observe a live chat on the dark web involving UCSF ransom negotiations.
The Netwalker operators used multiple techniques to entice UCSF into paying the ransom, including making both samples of exfiltrated data and the ransom negotiations visible to the press. For UCSF reputation risk is key to continued support as they are working on research to support the public good including a cure for C-19. Sophos has published information about the tactics and tools used by Netwalker ransomware: https://news.sophos.com/en-us/2020/05/27/netwalker-ransomware-tools-give-insight-into-threat-actor/
Extortion attacks will continue as long as the value of success exceeds the cost of attack. Currently the excess of the value of success over the cost of attack is so high as to suggest that we need to increase the cost of attack perhaps ten-fold while reducing the value of success. The strategy of some enterprises of attempting to assign the risk to insurance underwriters is aggravating a problem that we have had years to fix.
William Hugh Murray
Read more in
The Register: University of California San Francisco pays ransomware gang $1.14m as BBC publishes 'dark web negotiations'
SC Magazine: UCSF paid $1.4 million ransom in NetWalker attack
Cyberscoop: California university pays $1 million ransom amid coronavirus research
BBC: How hackers extorted $1.14m from University of California, San Francisco