UCSF forced to pay ransom to perpetrators of malware attack

Hackers who attacked computer servers at the University of California at San Francisco School of Medicine were paid a ransom of more than $1 million to regain access to data that had been maliciously encrypted by malware, university officials announced Friday.

The school's Information Technology staff detected a security incident on June 1 and the affected areas, described as "a limited number of servers in the School of Medicine," were isolated from the UCSF core network.

The attack left the servers inaccessible and malware uploaded during the breach encrypted data on the affected servers that was used by the attackers as proof of what had been perpetrated.

"The data that was encrypted is important to some of the academic work we pursue as a university serving the public good," the university said in a news release. "We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained."

Officials emphasized that the attack did not affect patient care, its novel coronavirus work or the overall campus network.

The university said it is working with a cyber-security consultant and other outside experts to investigate the attack and bolster system defenses.

The tainted servers are expected to be restored in the near future.

"This incident reflects the growing use of malware by cyber-criminals around the world seeking monetary gain, including several recent attacks on institutions of higher education," the university said. "We continue to cooperate with law enforcement, and we appreciate everyone's understanding that we are limited in what we can share while we continue with our investigation."