- Hackers shut down the University of California researchers’ servers.
- Latest transcripts reveal the intense negotiations that took place to recover data related to COVID-19 treatment.
- There has been an uptick in professional ransomware attacks in recent times
With both lives and millions of dollars on the line, researchers face a massive bitcoin ransom to save their COVID-19 vaccine data.
Don’t Take It The Wrong Way
On June 5, researchers at the University of California San Francisco (UCSF) suddenly found their biostatistics data inaccessible. This included COVID-19 research, Bloomberg reported. The hackers had shut down their servers and demanded they visit a site on the dark web to begin negotiations.
They wanted 3 million dollars. With tens of millions, perhaps even billions of dollars on the line, the University had to take the threat seriously.
However, this was not the ransom of 20th-century gangsters. The hacker seemed to have an almost jovial tone. Though any security team is embarrassed by a breach, the Operator, as the hacker, called himself, explained that the lab was just in the wrong place at the wrong time.
Though he first asked for $3 million, acquired transcripts reveal he was willing to negotiate:
My friend. Your team needs to understand; this is not your failure. Everything device with the internet is vulnerable…You need to understand. For you, as a big university, our price is shit.
Hacking – Do you have what it takes?
In contrast to individual hackers scouring the net on their own, today’s hackers are well organized. According to the U.S. Department of Justice, some of these groups spent 2019 professionalizing their modus operandi.
Groups of hackers are now working in a coordinated manner, targeting several victims at once. Some of them have front end websites, press releases, and statements about ethical standards.
The Operator who attacked UCSF sounded like he almost felt bad for his victim. Meanwhile, the dark web site, where the hackers sent their victims, looks almost like an online store checkout.
When initially offered $780,000, the hacker replied jokingly:
Keep that 780 K to buy Mc Donalds for all employers. It is a minimal amount for us. I am sorry.
Obviously, things went more insane. The days of rich family kidnapping to ruthless gangsters have turned to the corporate level.
Friends don’t exist with Business – Even with Bitcoins
In the end, there is not much doubt about who the hackers are. Analysis of the Operator’s grammar is suggestive of Russian origin. He appears to be part of the growing hacking group called “Netwalker.” Interestingly, Cynet, an Israeli security group, said the group had prohibited English speakers from joining.
Another hacking group known as “Maze” made a statement of sympathy in a different incident:
We are living in the same economic reality as you are. That’s why we prefer to work under the arrangements, and we are ready to compromise.
The ransom negotiations seem to be more like business negotiations. It appears to be the intimidation of organized crime with the distance and anonymity of the internet.
Excessive Praising Will Get You All Over
The professional negotiator that the University brought in was able to push back. They also confirmed that it would be possible to restore the Biostat department’s servers. This gave them a little leverage. It proved that the hackers hadn’t just destroyed the servers and bluffed.
After several tough days, the negotiator fell back on flattery:
I have read about you on the internet and know that you are a famous ransomware hacker group and very professional. I know you will honor your word when we agree on a price, right?
These were the “magic words” that opened the hackers up to bargaining. Using more psychological tricks, the negotiator reduced the ransom to $1.14 million, which was paid with 116 bitcoin.
Just Hang Out A Bit
This particular attack comes at a time of increasing hacks. With so much on the line, professional hackers see an opportunity where victims have too much to lose. In May, the FBI reported that Chinese government hackers were targeting vaccine data.
The extensive crypto exchange Bitfinex recently offered hackers a $400 million reward for returning the $1.5 billion digital currency they stole in a 2016 attack. The hackers ignored this and even began moving the bitcoin to a new wallet.
Last month, a teenage hacker took control of several high-profile Twitter accounts and faked a charity drive to steal less than $200,000 in bitcoin.
As for the UCSF hack, when the negotiators asked for extra time, the hackers agreed if they could double the ransom. This was the move of a professional.
These attacks are unlikely to disappear soon. Just as cryptocurrency markets are open 24/7, so are hackers. Moty Cristal, a ransomware negotiator in Tel Aviv, said,