Malware attacks on major companies and institutions are nothing new. But experts say moving to work from home amid the COVID-19 pandemic could make it easier for hackers to find a way to get in.
The University of California, San Francisco paid a $ 1.14 million ransom to hackers in June to retrieve data from its medical school that had been encrypted in a cyber attack, the university announced Friday. The attack marked the third in a series of recent cyber attacks against universities.
The prestigious medical school is among several universities that have been targeted by ransomware in recent months. “Netwalker”, the ransomware software responsible for UCSF hacking, was used to carry out similar attacks against Michigan State University and Columbia College in Chicago in late May and early June. The state of Michigan decided not to pay its ransom on the advice of law enforcement agencies, which led to the publication of financial documents and personal information from the university online.
Carolyn Crandall, Chief Deception Officer at Attivo Networks cybersecurity service, said moving to remote work amid COVID-1
Crandall said that Attivo has observed an increase in ransomware attacks among its customers in recent months that it fears that could eventually lead to further high-profile violations.
“I hope I’m wrong, that the shoe is not going to fall, but I fear, given what we know as security professionals, that there is certainly a greater risk,” he said.
Hackers hit UCSF on June 1 with malware that encrypted data on some servers of the School of Medicine, making them inaccessible. Hackers requested a ransom payment to release the data, a request that UCSF grudgingly satisfied on June 6 after a day of negotiations on a dark-web website.
“Encrypted data is important for some of the academic activities we pursue as a university serving the public good,” the university wrote in a press release. “We then made the difficult decision to pay a portion of the ransom, about $ 1.14 million, to the people behind the malware attack in exchange for a tool to unlock encrypted data and return the obtained data.”
According to the UCSF, the accident did not affect patient delivery operations or COVID-19 research. The university is working with an “IT security expert” to investigate the attack and expects to be able to restore the affected data soon.
Crandall said companies are generally advised not to pay the ransoms if hit by ransomware attacks.
“Inherently, (for a fee) it doesn’t guarantee that the data will be returned or that the decryptor (to recover the files) will work,” Crandall said. “And there is always the possibility that even if you pay the first time, they could come back and hit you again.”