A team of hackers with a history of targeting healthcare organizations executed an excellent ransomware attack this week around the University of California, San Francisco.
UCSF confirmed it had been the target of your “illegal intrusion” but declined to explain which percentage of its IT network might have been compromised. Researchers with the university are among those leading American antibody testing and clinical trials for possible coronavirus treatments, including a recent study on anti-malarial drugs touted by President Donald Trump as being a possible remedy, then refuted by scientists.
If any, information may have been compromised,” Farley said in a statement, the university has alerted security experts and law enforcement of the attack, which didn’t affect its patient care operations, said Peter Farley, a director of communications at UCSF.“With their assistance, we are conducting a thorough assessment of the incident, including a determination of what. “In order to preserve the integrity of the investigation, we should limit what we can share currently.”
Find out more: Malaria Drug Taken by Trump Provides No Covid-19 ProtectionThe NetWalker hackers claimed credit for the attack on the darkweb blog. The post dedicated to UCSF seemed to be copy and pasted from your university’s homepage promoting its focus on healthcare.Attack groups often post data samples to prove the success of their breach. In cases like this, their blog posted four screenshots, including of two files accessed with the attackers. The files’ names, seen by Bloomberg around the darkweb, contain possible references to the US Centers for Disease Control and Preventiondepartments and Prevention central towards the university’s coronavirus research.
If payment isn’t received, the blog includes a flashing-red timer threatening “secret data publication” by June 8 Pacific Time. The post doesn’t mention the price of ransom demanded.
In the majority of ransomware cases, payment is followed by the exchange of the decryption key that enables victims to get into their files. When victims don’t pay, which is usually the case when they have backup copies to regenerate their data, attack groups sometimes publish the most sensitive data in hopes of coaxing payment.
Hackers are increasingly targeting institutions like UCSF not only for ransomware payments themselves, but also for possibly lucrative intellectual property, like valuable research on a cure for Covid-19. UCSF has engaged in extensive sampling and anti-body testing, including in the experimental anti-viral drug remdesivir, which has shown signs and symptoms of being effective at the start of the Covid-19 life-cycle.
The US was hit with a record volume of ransomware attacks in 2019 and attackers have demostrated little indication of relenting in 2020, when users spent more hours on less secure networks while working from your home. In 2019, at least 966 government agencies, schools and healthcare providers were attacked at a cost of more than $7.5 billion, according to the cyber research firm Emsisoft. Among those were almost 90 universities.Netwalker ransomware was first operated and introduced by the criminal cyber group dubbed Circus Spider by CrowdStrike Inc. Since September 2019, Netwalker ransomware has been actively used by criminal actors with links to malware including Mailto, Koko, and KazKavKovKiz.“The use of Covid-19 lures and targeting entities in the healthcare sector indicate that the operators of Netwalker are taking advantage of the global pandemic in order to gain notoriety and increase their customer base,” according to a Crowdstrike research report.