Skip to main content

Major University In California Pays Large Ransom After Ransomware Attack

By July 13, 2020May 5th, 2022Cybersecurity

The University of San Francisco (UCSF) is the latest organization to fall victim to hackers, running afoul of a group utilizing the Netwalker ransomware strain.

UCSF is a research university whose recent efforts have been focused on health sciences generally and COVID-19-related research specifically. On June 3rd, 2020, Netwalker published a notice on a site they use for data leaks.

It stated they had successfully breached the UCSF network, publishing a sample of the files stolen during their attack. The sample included a number of student applications, complete with social security numbers, and screen shots of folder listings that appeared to contain financial information, medical studies, university employee information and the like. Later the same day that the post and samples appeared on the Netwalker leak site, UCSF confirmed the attack.

Their formal statement on the matter reads in part, as follows:

“As we disclosed on June 3, UCSF IT staff detected a security incident that occurred in a limited part of the UCSF School of Medicine’s IT environment on June 1.

We quarantined several IT systems within the School of Medicine as a safety measure, and we successfully isolated the incident from the core UCSF network. Importantly, this incident did not affect our patient care delivery operations, overall campus network, or COVID-19 work.

The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We, therefore, made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”

It’s a staggering sum that underscores just how serious these kinds of attacks can be. Worse, over the last several months, UCSF is the third university to be successfully attacked. With months to go in 2020, they will almost certainly not be the last.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.