Hacking Group Launches Successful Ransomware Attacks against UCSF: Experts Think COVID-19 Connection

A notorious hacking group known to target healthcare providers executed what has been reported to be a successful ransomware attack this week on the University of California, San Francisco (UCSF). Describing it as an “illegal intrusion,” UCSF personnel confirmed the attack but didn’t elaborate on which sections or elements of their IT network were breached. Various security experts and law enforcement have been notified. A major clinical research center, UCSF actively conducts studies investigating therapies and treatments for COVID-19. The Netwalker hacker group may seek to capitalize on the COVID-19 pandemic.

The Situation

The Netwalker hackers have unleashed a criminal ransomware campaign against health care systems involved with COVID-19 clinical research. Most recently, the nefarious group breached one of the nation’s (if not the world’s) most prominent academic medical centers: UCSF. In an effort to commence illicit negotiations, the cyber gang used their dark web blog to showcase the stolen files and images belonging to UCSF. These gangs use the dark web as a sort of shadowy underworld hideout, because browsing and websites there can be managed anonymously.

Seeking Money

By inserting images from UCSF’s homepage centering on their healthcare work, for example, as well as sharing screenshots of highly proprietary files associated with departments involved with COVID-19 research, the digital crooks posted a digital demand in the form of “a flashing-red timer threatening ‘secret data publication’ by June 8 Pacific Time if payment isn’t received.” Bloomberg reports that no actual monetary value was included in the demands.

IP Grabs?

But money may not be the only thing these bad people are seeking. Increasingly, institutions such as UCSF may be targeted for valuable intellectual property (IP), such as work associated with an intensive research program ranging from antiviral trials to SARS-CoV-2 antibody investigations. For example, based on the Bloomberg report, it appears that the hackers accessed certain files. They could be searching these files for intellectual property.

In fact, as shared by Bloomberg, CrowdStrike recently issued a research report declaring that “The use of COVID-19 lures and targeting entities in the healthcare sector indicate that the operators of Netwalker are taking advantage of the global pandemic in order to gain notoriety and increase their customer base.”

UCSF Position

Bloomberg reported that Peter Farley, director of communications at UCSF, commented that they are working with security experts and law enforcement in “conducting a thorough assessment of the incident, including a determination of what, if any, information may have been compromised.” UCSF’s spokesman can’t say much else at this point.

Other Malicious Digital Attacks

Two days ago, Netwalker also penetrated Michigan State University (MSU) networks and then threatened to publish stolen proprietary and sensitive information. MSU refused to pay the criminals. Although the hack was isolated to the physics and astronomy departments, the hacking group clearly is sophisticated enough to hit multiple academic medical centers at once. The group stole student personal information and financial documents. Additional targets of the multicenter strike included Columbia College of Chicago.