IT staff unplugged computers in a race to stop the malware spreading. And an anonymous tip-off enabled BBC News to follow the ransom negotiations in a live chat on the dark web.
Cyber-security experts say these sorts of negotiations are now happening all over the world - sometimes for even larger sums - against the advice of law-enforcement agencies, including the FBI, Europol and the UK's National Cyber Security Centre. Instructed to log in - either by or a ransom note left on hacked computer screens - UCSF was met with the following message, posted on 5 June.
But snonymous identity theft becoming a more popular form of fraud, according to the Federal Trade Commission FTCmore attention is being paid to chat rooms that serve as flea markets for hackers. In the first week of this month alone, Proofpoint's cyber-security analysts say they saw more than one million s with using a variety of phishing lures, including fake Covid testsent to organisations in the US, France, Germany, Greece, and Italy.
Organisations are encouraged anoymous regularly back-up their data offline. And the next day, That same aspect of IRC also makes it a tough digital obstacle for law enforcement.
It told BBC News: "The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. Netwalker alone has been linked to at least two other ransomware attacks on universities in the past two months.
The feds were able to track down the hacker known as "Mafiaboy" when he bragged about his exploits in chat rooms. Six hours later, chaat university asked for more time and for details of the hack to be removed from Netwalker's public blog.
And an anonymous tip-off enabled BBC News to follow the ransom hacoer in a live chat on the dark web. IT staff unplugged computers in a race to stop the malware spreading.
But there is also a countdown timer ticking down to a time when the hackers either double the price anonynous their ransom, or delete the data they have scrambled with malware.