Ransomware: Netwalker Cybercriminal Gang Extorts $1.14M From University in the Midst of Finding a COVID-19 Cure

The University of California in San Francisco (UCSF) has been busy trying to find a way to beat the ongoing coronavirus pandemic. Amid that effort, it was attacked by a cybercrime gang called Netwalker, which managed to extort a huge amount of money from the university.

Photo caption: UCSF IT staff were quick to unplug the computers to prevent further spread of the malware. (Photo: Pete Linforth from Pixabay)

Ransomware Attack at UCSF

In an exclusive report by The BBC, the news outlet was able to follow the negotiation of the cybercriminals with the institute on the dark web and saw how it all went down.

According to the report, the gang attacked the university last June 1, and the institute's IT staff quickly unplugged the computers to prevent the malware from spreading further. In a ransomware attack, cybercriminals break into a computer or system and encrypt it. Even the best IT staff won't be able to decrypt the system.

The hackers then get in touch with the victim and ask for a certain amount of money in exchange for the key that will allow the victim to unlock the encrypted data and bring their computers back to normal.

Multiple attacks from the cybercriminals

In the past two months, Netwalker has been linked to several ransomware attacks on the university. Nevertheless, experts in the cybersecurity field believe that such attacks are happening around the world, and ransom negotiations often occur on the dark web. As such, it will be hard to pinpoint the hackers' location.

With an anonymous tip, The BBC was able to follow the negotiation on the dark web and saw how the cybercriminals were able to extort $1.14 million from the institute.

According to the BBC, the site where the ransom negotiation took place looked like any typical customer service website, with a frequently asked questions (FAQ) tab and even a section where visitors could get a "free" sample of the software on offer. There is a live chat option as well.

The biggest difference is the ominous countdown timer on the website, ticking down to zero. It marked the time at which the hackers would either double the money they were asking for or delete all the data they were able to gather from the hack.

For the University of California, it could mean losing all the data they have gathered in their research against COVID-19.

The negotiation

The BBC was able to take screenshots of the negotiation where UCSF asked for an extension.

Netwalker noted that the university makes billions per year, so the gang initially asked the institute for $3 million. The UCSF representative replied that the coronavirus pandemic had been "financially devastating" for the university and begged the hackers to accept a ransom of $780,000.

The hacker replied that the amount was too small, and that if the gang published its blog containing all the sensitive data from the institute, the university would lose more money than that. The negotiation lasted a whole day and ended with a final offer of $1,140,895.

UCSF is now working with the Federal Bureau of Investigation (FBI) on the investigation.

"The data that was encrypted is important to some of the academic work we pursue as a university serving the public good," the university said.

"We, therefore, made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained."

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.