A group of hackers carried out a ransomware attack against COVID-19 researchers at the University of California, San Francisco, and received 116 bitcoins.
The amount is equivalent to about 7.6 million reais, according to CoinGoLive. Now, the transcripts that have emerged recently reveal how the whole operation took place.
Although the group's name was initially a mystery, a Bloomberg report said the organization had a history of targeting healthcare providers.
Later, the group dubbed Netwalker claimed responsibility for the ransomware attack on the University of California, San Francisco (UCSF) in early June.
UCSF confirmed the attack by specifying that the target was a research team testing a possible vaccine against coronavirus.
The university alerted security experts and law enforcement agencies about the attack and said that "with their help, we are conducting a full assessment of the incident, including a determination of what information, if any, may have been compromised."
When executing a ransomware attack, hackers gain control over confidential information belonging to the victim and request some form of paid ransom to unlock it. In this specific scenario, Netwalker initially demanded $3 million.
According to the transcripts revealed by Bloomberg, the UCSF negotiator entered the chat room four days after the hack, when the attackers had already blocked several servers used by the researchers.
The hackers redirected the UCSF negotiator to a page on the dark web listing at least ten victims and demands, along with a flashing red timer counting down to the payment deadline.
On June 5, the website listed: 2 days, 23 hours, 0 minutes. If the ransom was not paid within that period, the price would double.
Although the UCSF negotiator stated that the university was out of funds due to the COVID-19 pandemic, the hackers' representative, called Operator, said that a school that collects more than $7 billion in revenue each year should have no problem paying a few million.
“You need to understand, for you, as a big university, our price sucks. You can receive this money in a few hours. You need to take us seriously. If we launch student records/data on our blog, I am 100% sure that you will lose more than the price we ask for.” – warned the Operator.
Negotiations continued for almost a week with some classic strategies used by the UCSF negotiator, such as requesting a postponement and trying to reduce the ransom price.
In the end, some of the tricks actually worked when the two sides reached an agreement – 116 bitcoins. With the price of a BTC just under $10,000 at the time, the value was equal to $1.14 million.
After a day and a half of closing the deal and buying bitcoins, UCSF transferred the funds. As soon as they did, the university was given access to the decryption key for the blocked information and the hackers forwarded all the data they had stolen.
It took the attackers two days to decrypt, transmit and show that they had deleted their copies of the stolen files, but the whole drama ended on June 14.