Comment: Hackers Extort $1.14m From University Of California, San Francisco

The BBC reported that the Netwalker criminal gang has extorted $1.14m from the University of California, San Francisco. According to the BBC, it witnessed the covert negotiations over the ransom in a live chat taking place on the dark web.

Tarik Saleh, Senior Security Engineer and Malware Researcher
InfoSec Expert
June 30, 2020 11:25 am

NetWalker’s usual entry point is a phishing email, which is why prevention through cyber awareness training courses remains organisations’ best bet to prevent falling victim to this type of attack. This is particularly true for high profile targets such as Universities, which have thousands of endpoints to secure and hold sensitive personal information and valuable research data.

It is unfortunate that the University of California San Francisco had to resort to paying the ransom to retrieve its files, as sadly this works as an incentive for these criminal gangs to continue with their profitable endeavours. In these cases, it is also not guaranteed that, once paid their share, criminals will actually provide the victim with a decryption key. For this reason, organisations should add regular, offline backups to their ransomware prevention strategy.

Carl Wearn, Head of E-Crime
InfoSec Expert
June 30, 2020 10:04 am

Organisations, in this case a university, paying a ransom this large is really troubling and highlights that many will do anything to avoid disruption to their daily operations. Our recent State of Email Security report found that the average downtime from a ransomware attack is three days, and for many this time gap is unacceptable and drives organisations to pay the ransom. However, it is recommended that victims should never give in to the pressure and pay the ransom, as there is no guarantee that encryption keys will be provided. Payment also encourages cybercriminals to try their luck for more. Our research found that 50% of UK organisations have been impacted by ransomware attacks in the last year, and as long as organisations continue to pay, attackers will view this attack approach as being financially viable. In the long run, organisations would actually save money by investing in cyber-resiliency before attacks take place and criminals force ransom to be paid. These criminals and others now know that this organisation is a target that pays and there is a significantly increased likelihood of further attacks if no significant cyber-resiliency changes are implemented quickly.

To minimise the threat of ransomware attacks, organisations must implement adequate resiliency measures to preserve business-as-usual should the worst happen. Non-networked backups and a fallback email and archiving process need to become standard security measures if organisations are to significantly mitigate ransomware threats. Individual users can also assist greatly by being aware of the potential for unsafe attachments, but should also be wary of clicking any email links received in any communication, as criminals are increasingly utilising URL links rather than file-based attachments to infect networks.
