University of California gets fleeced by hackers for $1.14 million
University studying the coronavirus had data stolen then held hostage
The University of California has been hit by a ransomware attack that cost the institution $1.14 million.
A ransomware criminal gang called “Netwalker” hacked the university’s servers and encrypted large amounts of data, some of which university officials told BBC News is “important to some of the academic work we pursue as a university serving the public good.”
Authorities advise against companies paying the ransom as there is no guarantee that the attackers will release the data or destroy their own copies of it. It also serves to fund their criminal enterprises. Regardless, the University of California representatives decided to move forward with the negotiations.
An anonymous tip to BBC News allowed them to follow the negotiations on the dark web, which they published on Tuesday. The criminals’ original asking price was $3 million as they pointed out that the University pulls in “$4-5 billions per year.”
The UC negotiator countered with $780,000 saying that the pandemic has been hard on the university’s finances.
After a long afternoon of negotiations, the two sides settled on a price of $1,140,895 to be delivered in bitcoin. The UC is working with law enforcement officials to investigate the case. On Memorial Day, Michigan State University faced a similar situation but took a hard stand to not pay the ransom.
It’s becoming increasingly difficult for businesses to protect themselves against ransomware attacks. Backing up files offline is highly recommended as well as thorough training of staff on cybersecurity. Most attacks start with a single phishing email being opened.
How virtual desktop infrastructure enables digital transformation
Challenges and benefits of VDIFree download
The Okta digital trust index
Exploring the human edge of trustFree download
Optimising workload placement in your hybrid cloud
Deliver increased IT agility with the cloudFree Download
Modernise endpoint protection and leave your legacy challenges behind
The risk of keeping your legacy endpoint security toolsDownload now