University of California pays $1 million ransom after the Cyber Attack

University of California pays $1 million ransom after the Cyber Attack

The University of California, San Francisco (UCSF), has confirmed that it has paid a total of  $ 1.14 million (£ 925,000) to criminals behind a cyber attack on its School of Medicine.

Cyber Attack and Coronaviurs – NetWalker Ransomware

On June 1, the hackers behind the NetWalker ransomware campaign attacked the UCSF network in the School of Medicine IT.  It is grateful that the treatment of COVID-19 did not impact either patient care delivery operations or research work; the data was successfully encrypted on a limited number of servers according to a UCSF statement.

The encrypted data is essential to some of the academic work they adopt as a university for the betterment of the public. However, no one has thought that any patient records were exposed by the Netwalker cyber attack.

UCSF said in exchange for a tool to unlock, the person behind malware attack asked for some amount of ransom, which was a difficult decision to pay so that the attackers will encrypt data and return the data they obtained.

It is a warning to everyone about the danger created by the Netwalker ransomware threat since March 5, 2020. This ransomware is not the same as other operators. During the COVID-19 epidemic, this particular group of cybercriminals has not declared a cease-fire against medical targets. Ransomware is targeting updated windows for ten systems.

On March 12, NetWalker hackers were reported to have taken the Champaign Urbana Public Health District (CHUPD) website in Illinois offline. The educational facilities are also in the crosshairs for the Networker gang, and if they can combine health and education, it is better.

As per the report, the hackers were initially been seeking a ransom of $3 million but were negotiated by a UCSF representative. According to the BBC report, the UCSF spokesman said that it would be a mistake to assume that everything in the negotiated statements was factually correct.


“One of the most fascinating parts of this work is understanding the whole picture, but we also need to think of solutions for fixing it.”

Palvi Tynninen

It is shocking to hear that ransoms are still needed to be paid to decrypt encrypted data. Ransomware operators such as Maze and Revil have a fully dynamic game in play that steals data before encrypting the server and use publishing or sales threats as leverage in ransom negotiations.

Earlier, the theft and publication of data, was seen with the Revil operators demanding $42 million for reveling “Dirty laundry” which was related to President Trump, can still play a role in UCSF paying a ransom.

UCSF has stated that COVID-19 research was not affected by ransomware. However, the UCSF is restricted in the information that it can share about the cyber attack itself, while the investigation continues in collaboration with law enforcement.


It is difficult to deny that not only did the attackers succeed in establishing a foothold on the School of Medicine network, but also a backup of encrypted data was not available. If this is the case, Thornton-Trump says, there will be a question to ask “why the authorities are willing to pay a $1 million ransom to cybercriminals, but not willing to pay a fraction of that to enforce or maintain backups?”

It is always better to prevent and protect rather than to pay, but it is a fierce sentiment to swallow once it happens, by paying these criminals it only prevents the further rounds of attacks not for the whole life, these attackers will come back and continues the cycle of this frustrating malware.

Photo by Ilya Pavlov on Unsplash

Charu Bhatia is currently pursuing PGDM in International business, her article as "Young Entrepreneur" was published in Afsti Magazine. She has worked with as a content writer. Her hobby is to make chocolates and she loves to read Quotes and Fiction stories.

She admires one quote a lot that says
“You can always edit a bad page. You can’t edit a blank page.” 

Related post

Subscribe To Our Newsletter & Support Us

Get the latest research, analysis, and updates on everything tech, blockchian and crypto. 

You have Successfully Subscribed!