IT staff at the University of California on June 1 found that servers used by the San Francisco School of Medicine had been contaminated with malware when hackers breached the network earlier that day. After the breach, researchers couldn’t access encrypted data on the network.
“The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,” said the university in a press release on Friday.
The attackers held up information they obtained as proof that they had successfully hacked the network. Then, they demanded a ransom.
“We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained,” said the university.
The university said that the breach only affected a minority of its systems. It had no effect on the university’s hospital work, including COVID-19 work.
To address the matter, it has cooperated with the FBI, as well as “a leading cyber-security consultant and other outside experts to investigate.” It expects to restore the servers soon.
The university did not say whether the ransom was paid in cryptocurrency or fiat currency. According to a report from the BBC, however, UCSF transferred 116.4 Bitcoin (BTC) to the hackers’ wallet to settle the ransom.
Cryptocurrencies, such as the privacy coin Monero, are popular among hackers due to their baked-in privacy features, which obscure users’ identities. This makes it more difficult to trace funds raised from ransoms.
The university’s breach coincides with several high-profile ransomware attacks. Hacker group REvil has targeted several high-profile figures in the entertainment industry. Previous targets include Madonna and Lady Gaga.
Tomorrow, an auction for sensitive data about LeBron James, Nicki Minaj and Mariah Carey will commence. REvil only accepts Monero.