The BBC claims to have obtained proof of ransom negotiations between the NetWalker gang and the University of California San Francisco almost a week after the college publicly reported on the costly security incident.
Readers might recall that NetWalker ransomware operators recently persuaded the UCSF to pay over $1 million in an extortion scheme using data-encrypting malware. Now, BBC News reports that an anonymous tip-off allegedly enabled the outlet to follow the ransom negotiations in a live chat on the dark web.
According to the screen captures, NetWalker operators initially demanded a $3 million ransom, reasoning the amount is pennies for an education institution with billions in annual turnover. But the university, likely with the help of an external specialist negotiator, explained the pandemic had been “financially devastating” for the college and asked them to accept $780,000. After some back and forth, the hackers eventually accepted 116.4 bitcoins, or roughly $1.14 million.
Reached by BBC News for comment, the university offered the same explanation it provided in its original announcement: “The data that was encrypted is important to some of the academic work we pursue as a university serving the public good.” It said it had no choice but to pay to unlock the encrypted data.
The school also suggested to BBC reporters that the screenshots obtained by the outlet are fake.
“It would be a mistake to assume that all of the statements and claims made in the negotiations are factually accurate,” the UCSF said.