University of California gets fleeced by hackers for $1.14 million

The University of California has been hit by a ransomware attack that cost the institution $1.14 million.

A ransomware criminal gang called “Netwalker” hacked the university’s servers and encrypted large amounts of data, some of which university officials told BBC News is “important to some of the academic work we pursue as a university serving the public good.”

Authorities advise against companies paying the ransom as there is no guarantee that the attackers will release the data or destroy their own copies of it. It also serves to fund their criminal enterprises. Regardless, the University of California representatives decided to move forward with the negotiations.

An anonymous tip to BBC News allowed them to follow the negotiations on the dark web, which they published on Tuesday. The criminals’ original asking price was $3 million as they pointed out that the University pulls in “$4-5 billions per year.”

The UC negotiator countered with $780,000 saying that the pandemic has been hard on the university’s finances.

After a long afternoon of negotiations, the two sides settled on a price of $1,140,895 to be delivered in bitcoin. The UC is working with law enforcement officials to investigate the case. On Memorial Day, Michigan State University faced a similar situation but took a hard stand to not pay the ransom.

It’s becoming increasingly difficult for businesses to protect themselves against ransomware attacks. Backing up files offline is highly recommended as well as thorough training of staff on cybersecurity. Most attacks start with a single phishing email being opened.