UCSF is a research university whose recent efforts have been focused on health sciences generally and COVID-19-related research specifically. On June 3rd, 2020, Netwalker published a notice on a site they use for data leaks.
It stated they had successfully breached the UCSF network, publishing a sample of the files stolen during their attack. The sample included a number of student applications, complete with social security numbers, and screen shots of folder listings that appeared to contain financial information, medical studies, university employee information and the like. Later the same day that the post and samples appeared on the Netwalker leak site, UCSF confirmed the attack.
Their formal statement on the matter reads in part, as follows:
“As we disclosed on June 3, UCSF IT staff detected a security incident that occurred in a limited part of the UCSF School of Medicine’s IT environment on June 1.
We quarantined several IT systems within the School of Medicine as a safety measure, and we successfully isolated the incident from the core UCSF network. Importantly, this incident did not affect our patient care delivery operations, overall campus network, or COVID-19 work.
The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We, therefore, made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”
It’s a staggering sum that underscores just how serious these kinds of attacks can be. Worse, over the last several months, UCSF is the third university to be successfully attacked. With months to go in 2020, they will almost certainly not be the last.