The University of California at San Francisco (UCSF) paid out over $1.14 million in Bitcoin to hackers earlier this week, days after its data was held for ransom by a group of unidentified individuals.
Authorities are monitoring transactions and have passed the case on to relevant cyber-crime officials, as per reports on Tuesday.
UCSF affected
Hackers blocked a selection of data servers from the university’s overall computing network. The compromised data contained sensitive research information, such as UCSF’s work on medical studies, among other uncategorized data.
The affected servers were blocked by encrypted malware, masking the hackers’ identities.
The incident first came to light on June 1, after UCSF’s I.T. department raised concerns about, and then confirmed, an isolated security incident on a “limited number of servers in the School of Medicine.” The servers were isolated from the UCSF core network.
All servers, at the time, were left inaccessible, and the stolen data was immediately encrypted to prove that a hack, rather than carelessness in data handling, had been perpetrated.
In a release, UCSF said the data was vital to research for “serving the public good,” adding that “the data that was encrypted is important to some of the academic work we pursue as a university serving the public good.”
This caused the school to make the “difficult decision” of paying $1.14 million to the individuals heading the malware attack.
Bitcoin paid, tool received
UCSF has since received a tool to unlock the encrypted data and the return of the data held by attackers, the release confirmed.
University officials told reporters that their work on patient care, COVID-19, and general campus activities was unaffected. To avoid such an attack again, they said, a team of security experts will be brought in to educate and eliminate such future threats.
Affected servers will be restored in the coming weeks. Meanwhile, UCSF said the incident highlighted the growing threat of malware from cybercriminals, although it did not blame the use of Bitcoin in any way:
“This incident reflects the growing use of malware by cyber-criminals around the world seeking monetary gain, including several recent attacks on institutions of higher education.”
Investigations are ongoing.