Ransomware gang Netwalker attacked the University of California San Francisco medical school's computer systems June 1, initially demanding a $3 million ransom, according to BBC News.
After negotiations with Netwalker, UCSF paid $1.14 million in ransom to unlock the servers and data the hackers encrypted. Due to an anonymous tip, BBC News was able to follow the negotiations between UCSF and Netwalker in a live chat on the dark web.
When it comes to paying ransoms, cybersecurity expert Jan Op Gen Oorth from Europol said victims should not pay because it encourages criminals to continue inflicting ransomware on others, while Brett Callow, a threat analyst at cybersecurity company Emsisoft said that "organizations in this situation are without a good option."
Five things to know about Netwalker's dark website and how it negotiates with victims:
1. The website resembles a "standard customer-service website" and features a frequently asked questions tab, a live chat option and a "free" sample of its software.
2. The website includes a countdown timer that ticks down to a time when Netwalker either deletes the data they infected with malware or doubles the price of the ransom.
3. UCSF was instructed to log in to Netwalker's website for negotiations either by email or a ransom note left on the hacked computer screens. After a day of negotiations on June 5, UCSF made a final offer of $1.14 million and the next day transferred the amount in bitcoin to Netwalker's electronic wallets.
4. UCSF told BBC News that it paid the ransom because "the data that was encrypted is important to some of the academic work we pursue as a university serving the public good," adding, "It would be a mistake to assume that all of the statements and claims made in the negotiations are factually accurate."
5. Most ransomware attacks start through email phishing, and research suggests that cyber criminals are using tools that gain access to systems via a single download.
Click here to view the full report.