University of California Payed Hackers Ransom of $1.14 million

UCSF Health building

The University of California was attacked by Netwalker, a group that has been linked to at least two other ransomware attacks on other universities. The group managed to hack the universities’ system and encrypted some of their files. The university wrote in a press release that it decided to pay a ransom of $1.14 million to retrieve their data. The BBC was able to follow the ransom negotiations as they took place.

Ransomware Attack

The corona virus is still spreading around the globe, and researchers are working hard to find a cure for it. Sadly, research facilities have become a common target for hackers and other cyber criminals. The facilities work with valuable data and access to this data could be a matter of life or death. So when hackers encrypt this data it is likely that research institutions will pay a ransom to access it again.

The University of California in San Francisco (UCSF) is researching a vaccine for the corona virus as well. The University states in the press release that the institution’s IT staff detected an attack on June 1. They successfully managed to isolate the malware from the core of the network. “Importantly, this incident did not affect our patient care delivery operations, overall campus network, or Covid-19 work,”  the release states.

But the attackers did manage to install malware which encrypted a number of servers within the School of Medicine. This type of malware is also known as ransomware. “The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained”.


A reporter for BBC News was able to witness the negotiation between the hackers and the university. These negotiations took place in a live chat on the dark web. The hackers initially asked UCSF for $3 million. After some discussion over several days, 116.4 bitcoins ($1.14m) were transferred into Netwalker’s online wallets and UCSF received the encryption key to their data.

UCSF is now working with the FBI to assist them in their research, so they can’t share many more details about the attack. The university did state in their press release that it does not “currently believe patient medical records were exposed”. As soon as more details about the attack become known they will be shared with the public.

Corona Crisis

This isn’t the first attack on a research institution. Over the previous months, a number of hospitals, laboratories, and other healthcare facilities have been targeted by hackers. A Parisian hospital was targeted by a DDoS attack in March. And in April cybercriminals managed to obtain login details and passwords of WHO employees as well.

The FBI and CISA have also told organizations to take extra measures to secure their computer systems. According to them, research facilities, pharmaceutical companies, and other organizations researching the development of a vaccine for the corona virus are being targeted by Chinese hackers.

Cybersecurity analyst
David is a cybersecurity analyst and one of the founders of Since 2014 he has been gaining international experience working with governments, NGOs, and the private sector as a cybersecurity and VPN expert and advisor.