
Over the year, the NetWalker hacking group has been targeting colleges across the US and threatening to release confidential data if its ransom demand is not met. Attackers are increasingly targeting educational institutions not only for ransomware payments but also for COVID-19 related research.

What's with the colleges?

On May 28th, and threatened them to publicize the stolen data if a ransom was not paid. The ransom demand was not met, which prompted the ransomware operators to publicly release the institution's data, including screenshots showing file directories, financial documents, and a passport scan stolen from the university's network. By attacking, the NetWalker group added one more college to its list of victims. The hackers warned the college that they would sell the stolen data, comprising students' private information such as social security numbers, on dark web markets.

Allegedly, the NetWalker hacking group has attacked the, stealing unencrypted data and encrypting their systems as reported on June 3rd. As part of the UCSF breach, the hackers have published screenshots of the stolen files on their data leak site, which include students' social security numbers, a spreadsheet, and folders containing employee information, financials, and medical studies.

NetWalker, bigger than it appears

The ransomware started its operations as "Mailto" in 2019 and renamed itself NetWalker in February 2020. NetWalker is known to target exposed remote desktop services to gain access to organizations' networks and steal unencrypted files before encrypting their systems.

Before the attacks on educational institutions, the NetWalker hacking group attacked an Australian transportation and logistics company, encrypting its systems across several sites and business units in February 2020. In March 2020, luring victims with information on COVID-19 through phishing emails enclosing malicious PDFs. These PDF files led to the installation of the NetWalker ransomware.                                

Looking at the recent victims, which were all academic institutions, the attacks may point to a vulnerability in exposed remote desktop servers or in a widely used application or device. Universities must ensure that they patch their systems properly, filter their emails, disable PowerShell when not required, and use multi-factor authentication.





⏰ Last updated: Oct 16, 2020 ⏰
