4 June 2020

NetWalker ransomware targets California university leading Covid-19 research


The University of California San Francisco (UCSF) has suffered a ransomware attack conducted by NetWalker, a hacker group known for its operations targeting healthcare organizations, Bloomberg reported on Thursday.

UCSF officials confirmed the incident, which they described as an “illegal intrusion”, but refused to disclose which part of the university’s IT network may have been compromised, citing a desire to preserve the integrity of the investigation. Researchers at the university are among those leading American antibody testing and clinical trials for possible coronavirus treatments.

Peter Farley, a director of communications at UCSF, said that the attack didn’t affect patient care operations and that the university is investigating the intrusion in cooperation with security experts and law enforcement.

The NetWalker hackers posted four screenshots, including of two files accessed by the attackers, on their dark web blog as proof of the successful attack. The files’ names, Bloomberg said, contain possible references to the U.S. Centers for Disease Control and Prevention and departments central to the university’s coronavirus research. The hackers also threatened to publish stolen information if the ransom payment is not received by June 8, although they did not mention the amount of the ransom demanded.

NetWalker (also known as Mailto) is a sophisticated family of Windows ransomware that targets corporate computer networks, encrypts the files it finds, and demands a cryptocurrency payment for recovery of the encrypted data.

Like the Maze ransomware and several other ransomware families, NetWalker aggressively threatens to leak victims’ data on the internet if ransoms are not paid.

