How hackers extorted $1.14m from University of California, San Francisco

Post time 2020-6-30 03:32:33
Edited by mari123 at 2020-6-30 03:34

A leading medical research institute working on the treatment of Covid-19 admits it paid hackers a $1.14m (£910,000) ransom after secret negotiations witnessed by BBC News.

The Netwalker criminal team attacked the University of California San Francisco (UCSF) on June 1.

IT staff unplugged computers to stop the malware spreading.

And anonymous tips let BBC News follow the ransom negotiations in a live web-based chat.

Cyber security experts say that this type of negotiation is taking place around the world, sometimes for larger sums, against the recommendations of law enforcement agencies, including the FBI, Europol and the United Kingdom's National Cyber Security Center.

Netwalker alone has been linked to at least two other ransomware attacks on campus in the last two months.

Netwalker's dark web website used for negotiations with victims

At first glance, its dark web home page looks like a standard customer service website, with a FAQ tab, an offer of a "free" sample of its software and a live chat option.

But there is also a countdown timer ticking down to the moment when the hackers may double their ransom price or delete the data that the malware has interfered with.

Instructed to log in - by email or by a ransom note left on the hacked computer screens - UCSF encountered the following message, posted on June 5.

Six hours later, the university asked for more time and asked for the details of the hack to be removed from Netwalker's public blog.

Noting that UCSF makes billions a year, the hackers demanded $3m.

But a UCSF representative, who may be an expert negotiator, explained that the major coronavirus outbreak was "financial annihilation" for the university and begged them to accept $780,000.

After a day-long negotiation, UCSF said it had collected all the available funds and could pay $1.02 million - but the criminals refused to go below $1.5m.

An hour later, the university returned with details of more financing methods and a final offer of $1,140,895.

And the next day, 116.4 bitcoins were transferred to Netwalker's electronic wallet and the decryption software was sent to UCSF.

UCSF is currently assisting the FBI in investigations while working to restore all affected systems.

It told BBC News: "The encrypted data is important to some academic work we do as a public service university.

"We have made a difficult decision to pay some $1.14 million to the people behind the malware attack in exchange for tools to unlock the encrypted data and the return of the data received.

"It is a mistake to assume that all the statements and claims made in the negotiations are true."

The hackers and the university negotiated in a live chat on the dark web

But Europol's Jan Op Gen Oorth, who carried out a project called No More Ransom, said: "Victims should not pay the ransom, because it finances criminals and encourages them to continue illegal activities.

"They should report to the police so that law enforcement can hinder organized crime."

Brett Callow, a cyber security threat analyst at Emsisoft, said: "An organization in this situation doesn't have a good option.

"Even if they pay the demand, they will get a pinky promise that the stolen data will be deleted.

"But why would a cruel criminal organization delete data that may generate additional revenue later?"

Most ransomware attacks begin with a booby-trapped email, and research suggests that criminal gangs are using tools that can gain access to a system via a single download. In the first week of this month alone, Proofpoint's cyber security analysts said they saw more than a million emails using a variety of phishing baits, including Covid-19 test results, sent to organizations in the United States, France, Germany, Greece and Italy.

Encourage organizations to regularly backup offline

But Proofpoint's Ryan Kalember says: "A university can be a challenging environment for IT administrators.

"The ever-changing student population, combined with a culture of openness and information sharing, can conflict with the rules and controls needed to effectively protect users and systems from attacks."


