You have /5 articles left.
Sign up for a free account or log in.

The University of California, San Francisco, paid a ransom of $1.14 million to hackers who encrypted and threatened to publish sensitive data stolen from the institution’s School of Medicine.

UCSF is one of three universities recently targeted using ransom software known as Netwalker. Michigan State University and Columbia College Chicago were also affected. Michigan State announced last month that it decided not to pay the ransom out of concern that payment to the criminals would encourage future attacks.  

Through an anonymous tip, a BBC News reporter was able to join the live chat room where UCSF negotiated the ransom. The hackers initially demanded $3 million. A UCSF representative said the coronavirus pandemic was “financially devastating” for the university and made a counteroffer of $780,000, which was refused. They settled on a payment of 116.4 Bitcoin, worth approximately $1.14 million.

“We are continuing our investigation, but we do not currently believe patient medical records were exposed,” said a UCSF statement news release on June 26. “The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,” continued the statement. “We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of data they obtained.”