The University of California at San Francisco paid a ransom of $1.14 million to hackers in June to recover data from its School of Medicine that had been encrypted in a cyberattack, the university announced last week. The attack marked the third in a string of recent cyberattacks carried out against universities.
The prestigious medical school is among several universities to have been targeted by ransomware in recent months. Netwalker, the ransomware software responsible for the UCSF hack, was used to carry out similar attacks against Michigan State University and Columbia College in Chicago in late May and early June. Michigan State opted not to pay its ransom on the advice of law enforcement, which resulted in financial documents and personal information from the university being published online.
Carolyn Crandall, chief deception officer for computer security service Attivo Networks, said the shift to remote work amid COVID-19 has made companies more vulnerable to cyberattacks. New weaknesses, like the use of personal computers at home and the cost of guarding remote connections to sensitive corporate servers, have only made it easier for hackers to infiltrate targets. A search on Twitter shows that numerous other organizations have reportedly been targeted by Netwalker, from a Long Beach country club to a health-care provider in Philadelphia.
Crandall said that Attivo has observed an uptick in ransomware attacks in recent months that she says could eventually lead to further high-profile breaches.
The hackers struck UCSF on June 1 with malware that encrypted data on some of the School of Medicine’s servers, rendering them inaccessible. The hackers demanded a ransom payment to release the data — a demand that UCSF begrudgingly met on June 6 after a day of negotiation on a dark web website.
According to UCSF, the incident did not affect patient care delivery operations or research on COVID-19. The university is working with a leading cybersecurity expert to investigate the attack and expects to be able to restore the affected data soon.
Crandall said that companies are generally advised not to pay ransoms if targeted by ransomware attacks because paying doesn’t guarantee the return of the data.
(c)2020 the Palo Alto Daily News (Menlo Park). Distributed by Tribune Content Agency, LLC.