The University of California San Francisco (UCSF) has suffered a ransomware attack conducted by NetWalker, a hacker group known for its operations targeting healthcare organizations, Bloomberg reported on Thursday.
UCSF officials confirmed the incident, which they described as an “illegal intrusion”, but refused to disclose which part of the university’s IT network may have been compromised, citing a desire to preserve the integrity of the investigation. Researchers at the university are among those leading American antibody testing and clinical trials for possible coronavirus treatments.
Peter Farley, a director of communications at UCSF, said that the attack didn’t affect patient care operations and that the university is investigating the intrusion in cooperation with security experts and law enforcement.
The NetWalker hackers posted four screenshots, including screenshots of two files accessed by the attackers, on their dark web blog as proof of the successful attack. The files’ names, Bloomberg said, contain possible references to the U.S. Centers for Disease Control and Prevention and departments central to the university’s coronavirus research. The hackers also threatened to publish stolen information if the ransom payment was not received by June 8, although they did not mention the amount of the ransom demanded.
NetWalker (also known as Mailto) is a sophisticated family of Windows ransomware that targets corporate computer networks, encrypts the files it finds, and demands a cryptocurrency payment for recovery of the encrypted data.
Like the Maze ransomware and several other ransomware families, NetWalker aggressively threatens to leak victims’ data on the internet if ransoms are not paid.