Title

UCSF Pays $1 Million Ransom to Hackers

July 2, 2020
 
 

The University of California, San Francisco, paid a ransom of $1.14 million to hackers who encrypted and threatened to publish sensitive data stolen from the institution’s School of Medicine.

UCSF is one of three universities recently targeted using ransom software known as Netwalker. Michigan State University and Columbia College Chicago were also affected. Michigan State announced last month that it decided not to pay the ransom out of concern that payment to the criminals would encourage future attacks.  

Through an anonymous tip, a BBC News reporter was able to join the live chat room where UCSF negotiated the ransom. The hackers initially demanded $3 million. A UCSF representative said the coronavirus pandemic was “financially devastating” for the university and made a counteroffer of $780,000, which was refused. They settled on a payment of 116.4 Bitcoin, worth approximately $1.14 million.

“We are continuing our investigation, but we do not currently believe patient medical records were exposed,” said a UCSF statement news release on June 26. “The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,” continued the statement. “We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of data they obtained.”

Be the first to know.
Get our free daily newsletter.

 

We are retiring comments and introducing Letters to the Editor. Letters may be sent to [email protected].

Read the Letters to the Editor  »

We are retiring comments and introducing Letters to the Editor. Share your thoughts »

 

Opinions on Inside Higher Ed

Inside Higher Ed’s Blog U

Back to Top