Was it worth $1.14m?

During these dark times during Covid-19 we are hearing more stories of cyber attacks. The result of cyber attacks can vary, but as we know it affects one of the elements of the security trio (Confidentiality, Availability and Integrity). One such entity fell foul recently.

The University of California San Francisco (UCSF) was in a race to stop malware from spreading.  Why?  Because this malware seemed to encrypt data.

By encrypting data, this affected UCSF in the following ways:

  • Accessing information they urgently need to help develop a cure for Covid-19.
  • Risking sensitive personal information on the dark web.
  • Stress and hassle to negotiate with attackers.

UCSF were in negotiations with the Netwalker criminal gang.  This is not an isolated case and all over the world negotiations are happening.   Like any criminals, it is advised not to negotiate because they can simply do it again and know it is a numbers game.  Someone will pay up at some point.

Fundamentally, UCSF is reported to have made billions, so the attackers upped their ransom to $3m.

The decryption software was provided and the data the attackers had were removed off the dark web.  One problem is that they will have a “promise” from the attackers the data would be deleted.

Come on… why would attackers do that?  Their incentive is to attack to gain monetise their exploits in the first place.

How can we protect ourselves?

Attackers need a way into your system. Often, this may be in the form of an email that if a staff members click on the links may inadvertently download malware on your systems and so then it begins….

Just remember that being a University, it is not just employees that we would need to worry about. It is the thousands of students that access the University computers and it is not surprising educational entities struggle with protecting their systems.

What is the most valuable commodity in the world?

UCSF finally paid, albeit a lower amount than what was asked at $1.14m in Bitcoin. But this is a lessons to us all.  Let us remind ourselves what is the most valuable commodity in the world? Gold? Oil? As you have guessed it, it is information.

Just imagine if your business, whether you a solo-entrepreneur, medium size business or large scale business, we all suffer one thing which is the weakest chain in security – people. You need make the users of your systems aware of the dangers of cyber criminals and ensure usage policies are sufficient.

And finally, backup, backup, backup! By regularly performing backups of your data, this will at least provide damage limitation.

And remember…. Security is Not A Compromise!

Stay safe.

#StayHomeSaveLives#cybersecurity , #infosec#informationsecurity#security#datasecurity#datasecuritybreach#personaldata#gdprcompliance#dataprotection#pcidss#gdpr#cyberattack#dataprivacy