author photo
By Clare O’Gara
Wed | Jul 1, 2020 | 7:28 AM PDT

That's a pretty penny for a hack.

But it's a price that the University of California San Francisco (UCSF) was willing to pay.

Hacking a School of Medicine during a global pandemic is more than a little ironic.

But according to a recent update, UCSF believes that the attack was opportunistic, rather than targeted.

Just as though it was trying to curb the spread of a disease like COVID-19, the university moved quickly to control the malware's reach:

"We quarantined several IT systems within the School of Medicine as a safety measure, and we successfully isolated the incident from the core UCSF network. Importantly, this incident did not affect our patient care delivery operations, overall campus network, or COVID-19 work.

While we stopped the attack as it was occurring, the actors launched malware that encrypted a limited number of servers within the School of Medicine, making them temporarily inaccessible. Since that time, we have been working with a leading cyber-security consultant and other outside experts to investigate the incident and reinforce our IT systems' defenses."

With the hacker holding university data hostage, UCSF ultimately made the decision to pay the ransom. Its reasoning:

"The data that was encrypted is important to some of the academic work we pursue as a university serving the public good."

For a $1.14 million price tag, UCSF says it did receive the keys to unlock its encrypted data.

Tags: Ransomware,