Security Market Segment LS
Tuesday, 30 June 2020 10:07

US uni admits paying US$1.14m ransom to gang using NetWalker

US uni admits paying US$1.14m ransom to gang using NetWalker Pixabay

The University of California in San Francisco has admitted it paid US$1.14 million to cyber criminals who attacked its website using the NetWalker ransomware that runs on Windows systems.

In a statement, UCSF said it had initially detected a security incident at its School of Medicine on 1 June.

Several IT systems were quarantined and the infection was isolated from the core network. But the ransomware encrypted a number of services leading to negotiations with the criminals led by an unspecified cyber security consultant.

"Our investigation is ongoing but, at this time, we believe that the malware encrypted our servers opportunistically, with no particular area being targeted," UCSF said.

"The attackers obtained some data as proof of their action, to use in their demand for a ransom payment. We are continuing our investigation, but we do not currently believe patient medical records were exposed. As additional facts become known, we will provide further updates."

Australian customer experience firm Stellar, that also operates across Asia, North America and Africa, took a hit from the NetWalker ransomware in May.

The UCSF said it had paid the ransom because "the data that was encrypted is important to some of the academic work we pursue as a university serving the public good".

"We therefore made the difficult decision to pay some portion of the ransom, approximately US$1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.

"This incident reflects the growing use of malware by cyber criminals around the world seeking monetary gain, including several recent attacks on institutions of higher education.

"We continue to cooperate with law enforcement, and we appreciate everyone’s understanding that we are limited in what we can share while we continue with our investigation."

The BBC reported that it had was able to witness the negotiations for the ransom first-hand.


Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.


talentCRU FREE WEBINAR INVITE - Cybersecurity in COVID-19 times and beyond

With the mass transition to remote working, our businesses are becoming highly dependent on the Internet.

So, it’s no surprise that we’ve seen an increase in cyberattacks.

However, what’s more concerning is that just 51% of technology professionals are highly confident that their cybersecurity teams are able to detect and respond to these threats.

Join us for this free online roundtable where our experts discuss key cybersecurity issues IT leaders are facing during the pandemic, and the challenges that will likely emerge in the coming years.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments