A group of hackers with a history of targeting health-care organizations executed a successful ransomware attack this week on the
The university has alerted security experts and law enforcement of the attack, which didn’t affect its patient care operations, according to a statement issued by the university.
“With their assistance, we are conducting a thorough assessment of the incident, including a determination of what, if any, information may have been compromised,” the university said. “In order to preserve the integrity of the investigation, we will need to limit what we can share at this time.”
The hackers, known as Netwalker, claimed credit for the attack on their dark web blog. The post dedicated to UCSF appeared to have been copied and pasted from the university’s home page promoting its work on health care.
Attack groups often post data samples to prove the success of their breach. In this case, their blog posted four screenshots, including two files allegedly accessed by the attackers. The files’ names, seen by Bloomberg on the dark web, contain acronyms that appear to reference the U.S. Centers for Disease Control and Prevention and departments central to the university’s coronavirus research.
The blog includes a flashing-red timer threatening “secret data publication” by June 8 if payment isn’t received. The post doesn’t mention the value of ransom demanded. But it did mention other alleged hacking victims in recent days: Columbia College in Chicago and Michigan State University. The universities didn’t immediately respond to requests for comment.
In most ransomware cases, payment is followed by the exchange of a decryption key that allows victims to gain access to their files. When victims don’t pay, which is often the case when they have backup copies to restore their data, attack groups sometimes publish the most sensitive data in hopes of coaxing payment.
Hackers are increasingly targeting institutions like UCSF not only for ransomware payments themselves, but also for possibly lucrative intellectual property, like research on a cure for Covid-19. UCSF has engaged in extensive sampling and antibody testing, including on the experimental antiviral drug
The U.S. was hit by a record volume of ransomware attacks in 2019 and attackers have shown little sign of relenting in 2020, when users spent more time on less secure networks while working from home. In 2019, at least 966 government agencies, schools and health-care providers were attacked at a cost of more than $7.5 billion, according to the cyber research firm Emsisoft. Among those were almost 90 universities and school districts.
Netwalker ransomware was first introduced and operated by the criminal cyber group dubbed Circus Spider by
“The use of Covid-19 lures and targeting entities in the health-care sector indicate that the operators of Netwalker are taking advantage of the global pandemic in order to gain notoriety and increase their customer base,” according to a Crowdstrike research report.
(Updates with other hacked universities in eighth paragraph)
To contact the reporter on this story:
To contact the editor responsible for this story:
© 2020 Bloomberg L.P. All rights reserved. Used with permission.