Skip to content

How Hackers Bled 118 Bitcoins Out of Covid Researchers in U.S.

Transcripts reveal University of California at San Francisco’s weeklong negotiation to free its ransomware-locked servers. The haggling worked, sort of.

relates to How Hackers Bled 118 Bitcoins Out of Covid Researchers in U.S.

Photo: Getty Images

The negotiator entered the chatroom four days after the attack. Hackers had locked down several servers used by the epidemiology and biostatistics department at the University of California at San Francisco, and wanted a $3 million ransom to give them the keys. On Friday, June 5, at 6:50 p.m., they directed a UCSF negotiator to a webpage on the dark web—meaning beyond the realm of Google—that listed a dozen or so sets of apparent victims and demands. The whole thing looked oddly like a customer service portal. Just below the university’s entry was a flashing red timer counting down to a payment deadline. It read: 2 days, 23 hours, 0 minutes. If the counter reached zero, the ransom message said, the price would double.

In a secure chat that the hackers set up with a digital key, the UCSF negotiator said the attack couldn’t have come at a worse time. The department was racing to try to help develop some kind of treatment or vaccine for Covid-19, the negotiator said, and hinted that the researchers hadn’t taken the time to duly back up their data. “We’ve poured almost all funds into COVID-19 research to help cure this disease,” the anonymous negotiator typed in the chat, pleading something between poverty and force majeure. “That on top of all the cuts due to classes being canceled has put a serious strain on the whole school.”