You've successfully subscribed to INFIMA Security
Great! Next, complete checkout for full access to INFIMA Security
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

How Does A Cyber Hostage Situation Go Down?

Leadership at UC San Francisco experienced first-hand the upside down world of Ransomware negotiations. It got expensive.

Taking their cues from hostage scenes in movies?

New details have emerged from the Ransomware attack at the University of California at San Francisco's epidemiology department. They give an insider view of these negotiations with hackers.

Officials spent 6 days negotiating with their unseen perps while UCSF's critical COVID-19 research sat at risk. Cybercriminals have hit several vaccine research facilities since the start of the pandemic. In fact, the US and the UK recently accused Russia and China of hacking coronavirus vaccine trials.

Now, reporters have copies of the transcript from the Dark Web negotiation that led to over a million dollars in profits to the hackers.

With the affect of a used-car salesman, Operator—probably based somewhere safely out of reach of U.S. law enforcement—led a negotiation that bore a lot of similarities to an old-school, flesh-and-blood kidnapping.

In making their multi-million dollar ransom demand, the hackers suggested knowledge of the institution's deep pockets. This came to light when they pointed out UCSF's giant annual revenue numbers.

Dark Web Dealings: the hacker group (aka Operator) scoffed at UCSF pleas for flexibility.

The Dark Web forum belongs to the NetWalker group, one of the more notorious Ransomware teams. Just like any profitable business, the NetWalker team is hiring. With profits like these, it's not shocking that smart hackers want to join the organization.

NetWalker's Dark Web blog advertises their latest victim.

These hackers no longer fly blind in their ransom demands. Once their Ransomware infects a victim, their team moves into action, researching their newfound money source. They identify the organization's data loss risks and adjust their demands accordingly.

"If we’ll release on our blog student records/data, I’m 100% sure you will lose more than our price what we ask.” - NetWalker "Operator"

While nation-states threaten our intellectual property and business assets, these attackers can be stopped.

The first step is training your team to avoid the initial Phishing email, the one that the UCSF fell for.

Are you ready to take action?
We make it easy to protect your team from attacks just like this one. Find out how to protect your team with INFIMA's Automated Security Awareness platform.

To get a quote, set up a call with our (non-pushy) sales team here!

Original article here.

Joel Cahill

Cyber security enthusiast. Entrepreneur.