California university pays $1 million ransom amid coronavirus research

A university in California previously reported to be conducting COVID-19 research has paid $1.14 million to digital scammers who locked the schools’ systems and demanded an extortion fee.

The University of California, San Francisco said on Friday it paid the ransom after malicious software infected a “limited number of servers” in an attack detected on June 1 at the university’s School of Medicine. While it remains unclear what, exactly, was affected, the school said the incident did not affect its patient care system, the campus network or the school’s research on the coronavirus. Scientists at the university are conducting trials into whether anti-malarial drugs may help mitigate the COVID-19 pandemic, as Bloomberg first reported.

“Our investigation is ongoing but, at this time, we believe that the malware encrypted our servers opportunistically, with no particular area being targeted,” university officials said in an announcement Friday. “The attackers obtained some data as proof of their action, to use in their demand for a ransom payment. We are continuing our investigation, but we do not currently believe patient medical records were exposed.”

While U.S. law enforcement typically advises against paying ransomware demands, victimized organizations sometimes meet attackers’ demands when decryption without hackers’ help seems unlikely, or cost-prohibitive.

Attackers from the so-called Netwalker ransomware gang were behind this incident, BBC News reported, the latest in a series of ransomware hacks against universities and public health agencies. The scam also coincides with an evolution in ransomware techniques, as hackers increase the size of their demands and, in some cases, threaten to publicize stolen data when victims refuse to pay.