According to local news outlets, the University of California at San Francisco (UCSF) School of Medicine just paid over $1 million in ransom after a group of hackers got access to research information from the education center. Apparently, hackers were able to lock researchers out of their data through the use of maliciously encrypted malware.
The incident was detected in early June by the school’s Information Technology staff, stating that only a limited number of servers in the School of Medicine were affected at the time, isolating them from the UCSF core network. As detailed in the University statement:
The data that was encrypted is important to some of the academic work we pursue as a university serving the public good… We, therefore, made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.
The attack blocked access to essential servers and created a security breach that hackers used to their advantage to upload the malware. However, University officials claim that hackers did not access patient data, coronavirus-related research, or the overall campus network.
The UCSF was forced to negotiate with the hackers, first pitching an offer of $780,000 to regain access to the servers, but hackers rejected the offer. At last, the university paid 116.4 Bitcoin (BTC) and on the following day, they regained access to the servers through a decryption software sent by the hackers.
The University is now working with a cyber-security company to update their security systems and to investigate the root of the attack.
This incident reflects the growing use of malware by cyber-criminals around the world seeking monetary gain, including several recent attacks on institutions of higher education… We continue to cooperate with law enforcement, and we appreciate everyone’s understanding that we are limited in what we can share while we continue with our investigation.