Crypto-Ransom Scam: University of California ransomed $1.15 Million

Netwalker behind the attack

116.4 bitcoins ransomed

Notification of police authorities

The world of crypto is rife with scams, hacking and various malicious actions: according to a recent BBC News report, the University of California at San Francisco paid hackers $1.14 million in Bitcoin after a ransom attack earlier this month of July.

Netwalker behind the attack

The NetWalker ransomware was discovered in August 2019; home users, businesses, government agencies and healthcare organizations reported being attacked by this group. In the past two months, Netwalker has been linked to at least two other ransom attacks against universities.

The cyber-attack was originally called Mailto or Koko because of the extension that was added to the encrypted files, but analysis of one of its decryptions indicates that its name is NetWalker.

Basically, NetWalker is the name given to a family of Windows ransomwares that target corporate computer networks, encrypting the files they find, and requiring that a payment in cryptocurrency be made for the secure recovery of encrypted data. Their black-web home page looks like a standard customer service site, with a Frequently Asked Questions (FAQ) tab, an offer of a “free” sample of their software and a live chat option, and then there is also a countdown timer that shows when hackers double their ransom price or erase data that they have scrambled with malware.

Several companies around the world have already fallen victim to ransomware, such as Toll Group, an Australian transport and logistics company, which has been victimized for the second time in three months with a ransom demand. On 3 February, the group said that computer systems had been disabled due to a malware infection, which later turned out to be the MailTo ransom software.

116.4 bitcoins ransomed

According to BBC News, the criminal gang Netwalker attacked the University of California at San Francisco (UCSF) on June 1. The victim was a major medical research institution working on a cure for Covid-19. An anonymous tip allowed BBC News to follow the ransom negotiations in a live chat on the black web.

Netwalker ransomware encrypted the data on the medical school’s servers, making it temporarily inaccessible. The cyber-attack group engaged the victim in a conversation on the site, and demanded to pay $3 million in crypto for their files and computers to be restored. Otherwise, the files would all be wiped clean. UCSF received the following message, posted on 5 June, asking her to log on, either by e-mail or by leaving a ransom demand on the screens of the hacked computers.

The university offered to pay $780,000, but after black web negotiations witnessed by BBC News, they agreed to a ransom of $1.14 million. The next day, after the university transferred 116.4 bitcoins to Netwalker’s electronic wallets, it received a decryption tool to unlock the data blocked by the attack.

The university did not specify what data was affected, but it says it did not affect patient care delivery operations or work related to COVID-19. It stated:

“The knowledge that was once encrypted is necessary for one of the most informative boards we pursue as a college serving the general public as it should be. We then made the difficult choice to pay a portion of the ransom, approximately $1.14 million, to the people behind the malware attack…”

«So we made the difficult decision to pay part of the ransom, about 1.14 million dollars, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained. It would be a mistake to assume that all the statements and claims made in the negotiations are factually correct”.

UCSF added that it was now assisting the FBI in its investigation, while at the same time working to restore the data that had been deleted.

Notification of police authorities

According to cyber security experts, unfortunately, such negotiations are currently taking place all over the world, and in general, law enforcement authorities including the FBI, Europol and the UK National Cybersecurity Centre are opposed to sending cryptocurrency to hackers. They explain that crypto-actives such as Bitcoin can easily be sent through a “shuffler” that makes them incredibly difficult to track, making it unlikely that the victims who pay these organizations will ever be able to recover the stolen funds.

According to Jan Op Gen Oorth, a Europol agent, paying the ransom only encourages an increase in the ransom. He said:

“Victims should not pay the ransom, as this finances the criminals and encourages them to continue their illegal activities. Instead, they should report it to the police so that law enforcement can disrupt the criminal enterprise”.

For his part, Brett Callow, a threat analyst at cyber security company Emsisoft, said: “Organizations in this situation don’t have a good option. Even if they pay for the request, they will simply receive a small promise that the stolen data will be deleted. But why would a ruthless criminal enterprise delete data that it could later monetize?”

Written by Laetisia Harson, Project Manager at Magna Numeris

https://twitter.com/CartamOfficial

--

--

--

Magna Numeris is a startup developing solutions for cryptocurrency users, pushing the boundaries of conventional platforms to help grow the peer-to-peer economy

Love podcasts or audiobooks? Learn on the go with our new app.

Source code security & the build environment

A Peek into BEP20 Token Development

Daily Dividend Pool Injection Has Been Made From Prize Pool Fund 💥

Bluetooth BrakTooth Bug causing Havoc!

Here Are (My Personal) Ways On How I Keep My Digital Files

{UPDATE} Diamante Juegos Solitario Hack Free Resources Generator

Protecting Your Salon from Credit Card Scams

SSD’s Security Disclosure weekly news recap — March 25, 2021

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Magna Numeris

Magna Numeris

Magna Numeris is a startup developing solutions for cryptocurrency users, pushing the boundaries of conventional platforms to help grow the peer-to-peer economy

More from Medium

49ers Free Agency: What’s Next After the First Wave

Flux Node Setup with VMWare Workstation 16 Pro

Week 1 Progress Update

50mm Nihon