
A ransomware gang has struck gold again, this time for more than $1 million.

The University of California, San Francisco (UCSF) announced on June 26 that it paid $1.14 million to a ransomware group.

“We … made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained,” said the university, which had an endowment with assets of $4 billion as of June 30, 2019.


The breach occurred on June 1 at the UCSF School of Medicine’s IT network. The university initially addressed the incident in a short statement on June 17, though it wasn’t identified as ransomware at that time.

UCSF said it quarantined several IT systems within the School of Medicine and claims to have successfully isolated the incident from the core UCSF network.

“Importantly, this incident did not affect our patient care delivery operations, overall campus network, or COVID-19 work,” UCSF said.

Fox News has reached out to UCSF with a request for comment.

On June 3, Netwalker, a criminal ransomware organization, claimed, in a post published on its site, that it had hacked into UCSF’s network, according to Bleeping Computer.

In that post, Netwalker listed some breached files, “including student applications with social security numbers, and folder listings appearing to contain employee information, medical studies, and financials,” Bleeping Computer wrote.

Netwalker is a prime example of a cybercriminal enterprise as a business model. Netwalker has evolved into a “ransomware-as-a-service (RaaS) operation” and even has a group of “affiliates” that target “enterprise networks” in order to reap larger rewards, Bleeping Computer added.

To the dismay of businesses and institutions across the U.S., ransomware has become a successful business model, earning hundreds of thousands of dollars and, in rare cases, over $1 million per attack.

Victims have handed over more than $140 million total to cybercriminals over the last six and a half years, ZDNet reported, citing data from the FBI.

Some of the larger examples include a $600,000 ransom paid by the Riviera Beach City Council in Florida in June 2019 and a $500,000 payment from Lake City, Florida that same month.

In 2017, South Korean web-hosting company Nayana paid nearly $1 million, which was the largest payment ever at the time.


Business Achievement Awards

Russian hackers are trying to take advantage of the millions of employees working from home because of shelter-in-place orders.

Security firm Symantec said this week that it had discovered and then notified businesses that the Russian hacking group Evil Corp has been targeting remote employees with so-called ransomware attacks.

In a typical ransomware attack, criminals send victims an email—often created to look like it’s from a colleague—that contains a link to a malicious site. When users access the fraudulent site, criminals can then take over their computers and demand payment—typically in cryptocurrency like Bitcoin—to regain control of their devices.

In the case of Evil Corp’s ransomware attack, Symantec said the hackers wanted to “cripple” a company’s “IT infrastructure by encrypting most of their computers and servers in order to demand a multimillion-dollar ransom.”

Symantec said that 31 U.S.-based organizations were compromised in the latest series of attacks, “eight of which are Fortune 500 companies.” The security firm did not reveal the names of the impacted organizations nor whether they paid any ransoms. The security firm said that while the hackers “breached the networks of targeted organizations,” the criminals were only “in the process of laying the groundwork for staging ransomware attacks,” implying that they didn’t complete their intended extortion plans.

This recent hacking attempt used a specific type of ransomware known as WastedLocker, which Symantec said was developed by Evil Corp. Two of Evil Corp’s alleged members have been previously charged by the U.S. Department of Justice for a separate “decade-long cybercrime spree” affecting unspecified banks and financial firms, Symantec said.

Eric Chien, Symantec’s technical director, said in an interview with the New York Times that hackers were able to launch ransomware attacks on workers via malware that “was deployed on common websites and even one news site,” without naming the compromised websites that hosted the malicious code. From those compromised websites, users inadvertently downloaded a bogus software update that installed the malware onto their computers.

That malware inspects people’s computers to see if they have installed a corporate virtual private network, or VPN, that businesses typically require their remote employees to use in order to access sensitive corporate data. The malware learns the name of the employee’s company from the VPN and is then able to infect people’s computers once those workers visit another website.

“Once the machine is reconnected to the corporate network, the code is deployed, in hopes of gaining access to corporate systems,” the Times said.



New ransomware has popped up that may signal more malicious COVID-19 apps are coming.

The “CryCryptor” app, distributed on two websites under the guise of an official COVID-19 tracing app provided by Health Canada, has been targeting Android users, according to researchers at cybersecurity software firm ESET.

The app does what most ransomware does: it encrypts, or locks, critical user files on a device. In a typical ransomware case, you have to pay a criminal organization to unlock the files.


The news was first reported by ZDNet.

CryCryptor surfaced a few days after Canadian Prime Minister Justin Trudeau announced an official contact tracing app, known as COVID Alert. The app is slated to be released for testing in the province of Ontario early next month.

The COVID Alert app uses Bluetooth technology provided by Apple and Google, which announced a partnership in April to provide technology for COVID-19 contact tracing app developers.

The researchers at ESET, after analyzing the ransomware, created a decryption tool for victims, which unlocks affected files. The company said it informed the Canadian Centre for Cyber Security about the threat as soon as it was identified.

Not surprisingly, malicious hackers are already capitalizing on the legitimate push to create contact tracing apps.


Earlier this month, cybersecurity firm Anomali Threat Research identified “multiple” fake COVID-19 contact tracing apps that are designed to download malware that steals personal data.

“These apps, once installed on a device, are designed to download and install malware to monitor infected devices, and to steal banking credentials and personal data,” Anomali said.

“Threat actors continue to imitate official apps to take advantage of the brand recognition and perceived trust of those released by government agencies. The global impact of the COVID-19 pandemic makes the virus a recognizable and potentially fear-inducing name, of which actors will continue to abuse,” Anomali said.

But even legitimate apps could be vulnerable.

Mobile application security firm Guardsquare recently published a report saying that the urgency to get apps to market risks sacrificing security for speed, as governments rush to release contact tracing tools as soon as possible to help reduce the spread of the virus.

Amnesty International has singled out certain countries rushing apps into development that “run roughshod over people’s privacy, with highly invasive surveillance tools which go far beyond what is justified in efforts to tackle COVID-19,” said Claudio Guarnieri, the head of Amnesty International’s Security Lab.



Copyrights © 2020 Business Achievement Awards All Rights Reserved.