4 June 2020

NetWalker ransomware targets California university leading Covid-19 research



The University of California San Francisco (UCSF) has suffered a ransomware attack conducted by NetWalker, a hacker group known for its operations targeting healthcare organizations, Bloomberg reported on Thursday.

UCSF officials confirmed the incident, which they described as an “illegal intrusion”, but refused to disclose which part of the university's IT network may have been compromised, citing a desire to preserve the integrity of the investigation. Researchers at the university are among those leading American antibody testing and clinical trials for possible coronavirus treatments.

Peter Farley, a director of communications at UCSF, said that the attack didn’t affect patient care operations and that the university is investigating the intrusion in cooperation with security experts and law enforcement.

The NetWalker hackers posted four screenshots, including screenshots of two files accessed by the attackers, on their dark web blog as proof of the successful attack. The files’ names, Bloomberg said, contain possible references to the U.S. Centers for Disease Control and Prevention and departments central to the university’s coronavirus research. The hackers also threatened to publish stolen information if the ransom payment is not received by June 8, although they did not mention the amount of the ransom demanded.

NetWalker (also known as Mailto) is a sophisticated family of Windows ransomware that targets corporate computer networks, encrypts the files it finds, and demands a cryptocurrency payment for recovery of the encrypted data.

Like the Maze ransomware and several other ransomware families, NetWalker aggressively threatens to leak victims’ data on the internet if ransoms are not paid.

