Exploit: Ransomware
University of California San Francisco: Education and Research Institution
Risk to Small Business: 1.275 = Severe
The University of California San Francisco (UCSF) confirmed this week that it paid cybercriminals $1.14 million to decrypt data following a ransomware attack. Although UCSF was able to detect the incident quickly, it was not fast enough to allow cybersecurity teams to quarantine the affected servers, and a significant portion of its medical school and research data was encrypted. The ransom was demanded to free essential COVID-19 research data that was captured in an intrusion on June 1. Reports indicate that UCSF was one of four academic institutions targeted in a single week by the Netwalker ransomware group.
Individual Risk: No patient or personal data was reported as compromised at this time.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is a growing menace to every organization, and it’s not just sensitive business or financial data that Dark Web criminals are after. Research data has become an increasingly hot commodity. Paying ransoms to cybercriminals to decrypt research data sets a dangerous precedent. Collecting large sums will embolden other groups that can take down big fish to score big paydays.
Source:
https://www.infosecurity-magazine.com/news/ucsf-pays-114m-ransomware-fee