The world of crypto is rife with scams, hacking and other malicious activity: according to a recent BBC News report, the University of California at San Francisco paid hackers $1.14 million in Bitcoin after a ransomware attack in June.
The NetWalker ransomware was first observed in August 2019; home users, businesses, government agencies and healthcare organizations have all reported attacks by this group. In the past two months, NetWalker has been linked to at least two other ransomware attacks against universities.
The ransomware was originally called Mailto or Koko, after the extension it appended to encrypted files, but analysis of one of its decryptors showed that its own name is NetWalker.
In short, NetWalker is the name of a family of Windows ransomware that targets corporate networks, encrypts the files it finds, and demands a cryptocurrency payment for the safe recovery of the encrypted data. The gang's dark-web site looks like a standard customer-service portal, with a Frequently Asked Questions (FAQ) tab, an offer of a 'free' sample decryption and a live chat option. There is also a countdown timer showing when the attackers will double the ransom price or delete the data they have scrambled with the malware.
Several companies around the world have already fallen victim to this ransomware, among them Toll Group, an Australian transport and logistics company, which was hit by ransomware for the second time in three months. On 3 February, the group said that its computer systems had been disabled by a malware infection, which later turned out to be the Mailto ransomware.
According to BBC News, the NetWalker gang attacked the University of California at San Francisco (UCSF) on June 1. The victim is a major medical research institution working on a cure for Covid-19. An anonymous tip allowed BBC News to follow the ransom negotiations in a live chat on the dark web.
The NetWalker ransomware encrypted the data on the medical school's servers, making it temporarily inaccessible. The attackers engaged the victim in a conversation on their site and demanded $3 million in cryptocurrency for the files and computers to be restored; otherwise, the files would all be wiped. On 5 June, UCSF received a message, sent by e-mail and left as a ransom note on the screens of the hacked computers, directing it to log on to the gang's site.
The university offered to pay $780,000, but after dark-web negotiations witnessed by BBC News, the two sides agreed on a ransom of $1.14 million. The next day, after the university transferred 116.4 bitcoins to NetWalker's wallets, it received a decryption tool to unlock the data locked by the attack.
The university did not specify what data was affected, but it says the attack did not affect patient-care operations or work related to COVID-19. It stated:
'The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained. It would be a mistake to assume that all the statements and claims made in the negotiations are factually accurate.'
UCSF added that it is now assisting the FBI in its investigation, while working to restore the data affected by the attack.
According to cyber-security experts, such negotiations are unfortunately taking place all over the world, and law-enforcement authorities including the FBI, Europol and the UK National Cyber Security Centre generally oppose sending cryptocurrency to hackers. They point out that crypto-assets such as Bitcoin can easily be passed through a mixer (or 'tumbler') that makes them extremely difficult to trace, so victims who pay these groups are unlikely ever to recover the funds.
According to Jan Op Gen Oorth, a Europol spokesman, paying the ransom only encourages further attacks. He said:
'Victims should not pay the ransom, as this finances the criminals and encourages them to continue their illegal activities. Instead, they should report it to the police so that law enforcement can disrupt the criminal enterprise'.
For his part, Brett Callow, a threat analyst at cyber-security company Emsisoft, said: 'Organizations in this situation don't have a good option. Even if they pay the demand, they will simply receive a pinky promise that the stolen data will be deleted. But why would a ruthless criminal enterprise delete data that it could later monetize?'
Written by Laetitia Harson