Comment: Hackers Extort $1.14m From University Of California, San Francisco

The BBC reported that the Netwalker criminal gang has extorted $1.14m from the University of California, San Francisco. According to the BBC, it witnessed the covert negotiations over the ransom in a live chat taking place on the dark web.

Expert Comments

June 30, 2020
Carl Wearn
Head of E-Crime
Mimecast
Organisations, in this case a university, paying a ransom this large is really troubling and highlights that many will do anything to avoid disruption to their daily operations. Our recent State of Email Security report found that the average downtime from a ransomware attack is three days, and for many this time gap is unacceptable and drives organisations to pay the ransom. However, it is recommended that victims should never give in to the pressure and pay the ransom, as there is no guarantee that encryption keys will be provided. Payment also encourages cybercriminals to try their luck for more. Our research found that 50% of UK organisations have been impacted by ransomware attacks in the last year, and as long as organisations continue to pay, attackers will view this attack approach as being financially viable. In the long run, organisations would actually save money by investing in cyber-resiliency before attacks take place and criminals force ransom to be paid. These criminals and others now know that this organisation is a target that pays and there is a significantly increased likelihood of further attacks if no significant cyber-resiliency changes are implemented quickly. To minimise the threat of ransomware attacks, organisations must implement adequate resiliency measures to preserve business-as-usual should the worst happen. Non-networked backups and a fallback email and archiving process need to become standard security measures if organisations are to significantly mitigate ransomware threats. Individual users can also assist greatly by being aware of the potential for unsafe attachments, but should also be wary of clicking any email links received in any communication, as criminals are increasingly utilising URL links rather than file-based attachments to infect networks.
June 30, 2020
Tarik Saleh
Senior Security Engineer and Malware Researcher
DomainTools
NetWalker’s usual entry point is a phishing email, which is why prevention through cyber awareness training courses remains organisations’ best bet to prevent falling victim to this type of attack. This is particularly true for high profile targets such as Universities, which have thousands of endpoints to secure and hold sensitive personal information and valuable research data. It is unfortunate that the University of California San Francisco had to resort to paying the ransom to retrieve its files, as sadly this works as an incentive for these criminal gangs to continue with their profitable endeavours. In these cases, it is also not guaranteed that, once paid their share, criminals will actually provide the victim with a decryption key. For this reason, organisations should add regular, offline backups to their ransomware prevention strategy.