A top medical research institution working on a cure for the Coronavirus paid hackers a $1.14m ransom after negotiations witnessed by BBC News. The hackers behind Netwalker ransomware attacked the University of California, San Francisco on June 1st of 2020. In a frenzy, IT staffers for the University unplugged computers in an effort to stop the malware from spreading.
An anonymous tip-off enabled BBC News to follow negotiations in a chat that took place on the dark web. Security experts say these kinds of negotiations happen all the time, sometimes for even larger sums, and against the advice of law-enforcement agencies. Netwalker ransomware has been linked to at least two other malware attacks on universities in the spring of 2020.
Netwalker Ransomware Operators Negotiate a Seven-Figure Payout
The dark-web homepage utilized by Netwalker ransomware looks much like a standard customer-service website, with a frequently asked questions (FAQ) tab, a “free” sample of its software, and an option for live-chat. It also has a countdown timer ticking down to a point in time when hackers will either double the ransom or delete the encrypted data.
After being instructed to log in, the communications between the university and Netwalker ransomware began. Six hours later, the school asked for more time and for details of the hack to be removed from Netwalker’s public blog. The hackers noted that UCSF made billions a year and then demanded a payment of $3 million. After a UCSF representative explained the Coronavirus pandemic had been “financially devastating” for the university, the school made a counteroffer of $780,000. After 24 hours of back-and-forth negotiations, UCSF said it had pulled together all available funds and could pay $1.02 million, with the criminals countering that they would not go below $1.5 million.
Hours later, the university came back with a final offer of $1,140,895, which was accepted. The next day, 116.4 bitcoins were transferred to Netwalker’s electronic wallets while the decryption software was sent to UCSF. UCSF is now assisting the FBI with its investigation into the matter while working to restore all of its affected systems.
The University told BBC News: “The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We, therefore, made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”
The Netwalker ransomware attack proves that, even in the midst of a pandemic and race to find a cure to save lives, the for-profit hacking industry only cares about one thing: making large sums of money.