The University of California, San Francisco paid criminal hackers $1.14 million this month to resolve a ransomware attack.
The hackers encrypted data on servers inside the school of medicine, the university said Friday. While researchers at UCSF are among those leading coronavirus-related antibody testing, the attack didn’t impede its Covid-19 work, it said. The university is working with a team of cybersecurity contractors to restore the hampered servers “soon.”
“The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,” it said in the statement. “We therefore made the difficult decision to pay some portion of the ransom.”
The intrusion was detected as recently as June 1, and UCSF said the actors were halted during the attack. Yet using malware known as Netwalker, the hackers obtained and revealed data that prompted UCSF to engage in ransomware negotiations, which ultimately followed with payment.
In exchange, the university said it received a key to restore access to the files, and copies of the stolen documents. The university declined to say what was in the files that was worth more than $1 million, except that it didn’t believe patient medical records were exposed.