In the News

UCSF Medical School Officials Pay Hackers $1.14 Million Ransom to Recover Stolen Data

Officials at the University of California, San Francisco Medical School have announced they paid a $1.14 million ransom to the NetWalker hacking group to protect data involved in a ransomware attack that occurred in early June.  

The University has cited the need to protect data and research serving the "public good" as the primary factor for making this decision.

 

Officials emphasized that the attack did not affect patient care, its novel coronavirus work or the overall campus network.

CBSNews San Francisco, June 28, 2020

https://sanfrancisco.cbslocal.com/2020/06/28/cyber-attack-ucsf-medical-s...

For additional news coverage we recommend:

UCSF Campus News Update, June 26, 2020

https://www.ucsf.edu/news/2020/06/417911/update-it-security-incident-ucsf

UCSF Campus News Update, June 17, 2020

https://www.ucsf.edu/news/2020/06/417861/ucsf-update-it-security-incident


Online learning platform exposes data on one million students

Security researchers are reporting that online learning platform Oneclass.com has potentially exposed up to 8.9 million records on approximately 1 million students in North America.  The data wasn't properly secured in a database accessible from the internet.

The exposed data includes personally identifiable information (PII) described as students' full names, physical addresses, telephone numbers, email addresses and information on schools/universities students are attending. It is strongly advised that students registered with this company take immediate measures to safeguard their online identities including changing passwords, adopting a password manager such as LastPass, and monitoring their sensitive accounts.

Infosecurity, June 29, 2020

https://www.infosecurity-magazine.com/news/online-learning-exposes-data-...


Facebook slaps labels on 'state-controlled' media outlets

Facebook announced that it will add a label to media outlets that it identifies as 'state-controlled' media. This will include pages and profiles as well as their content, including the ads they produce.

ZDNet, June 5, 2020

https://www.zdnet.com/article/facebook-slaps-labels-on-state-controlled-...


Hackers Target California University Leading Covid-19 Research

Hackers targeting Covid-19 Research institutions successfully completed a ransomware attack against University of California, San Francisco recently. At this time, details of the attack have not been made available to the public, but officials at UCSF have stated that this event didn't impact medical and patient care areas.

Bloomberg Business News, June 3, 2020

https://www.bnnbloomberg.ca/hackers-target-california-university-leading...

Additional information on the Netwalker ransomware attack of UC San Francisco can be found here at Bleeping Computer.

Netwalker ransomware continues assault on US colleges, hits UCSF

https://www.bleepingcomputer.com/news/security/netwalker-ransomware-cont...


Ransomware gangs team up to form extortion cartel

Ransomware-as-a-Service (RaaS) has really taken off as a successful business model throughout 2019-2020. The attackers' newest tactic has been to threaten victims with the release of stolen data unless the victims pay the ransom within the time period demanded.

Bleeping Computer reports that many ransomware operators have banded together to form a cartel using a new platform for leaking stolen data. 

Bleeping Computer, June 3, 2020

https://www.bleepingcomputer.com/news/security/ransomware-gangs-team-up-...


REvil Ransomware Gang Starts Auctioning Victim Data

A hacker group calling itself REvil Ransomware enterprise has announced that it will begin auctioning off data stolen from its ransomware victims in what appears to be an attempt to escalate tactics by using public shaming of victims. This is part of an evolving trend toward criminal extortion being used by ransomware groups. The amount of ransom being paid out to these groups has declined with the onset of the Covid-19 global pandemic.  

Krebs on Security, June 2, 2020
https://krebsonsecurity.com/2020/06/revil-ransomware-gang-starts-auction...


Student loan company that stole millions from consumers leaks sensitive phone calls, SSNs, tax records

A student loan debt relief company, Student Advocates Group, which has been identified as being a scam to steal money from student loan borrowers, has leaked Personally Identifiable Information (PII) including tax records and social security numbers from an unsecured cloud storage service. None of this information was encrypted or redacted, and security researchers are saying that the company didn't take reasonable measures to protect this highly sensitive consumer data.

Cybernews, June 4, 2020

https://cybernews.com/security/student-loan-company-stole-millions-leaks...

Any students who have applied for student debt relief assistance using this company are urged to take steps to protect themselves from fraud and identity theft.


NetWalker Ransomware: What You Need To Know

NetWalker is the name of a family of ransomware that targets Windows operating systems. The hacker groups using this ransomware act in a way similar to another group deploying Maze ransomware. Both groups are becoming increasingly aggressive in their efforts to extort money from their victims.

Tripwire, May 28, 2020

https://www.tripwire.com/state-of-security/featured/netwalker-ransomware...


Feds warn that Chinese attempts to hack health care, drug firms threaten U.S. COVID-19 response

The US Government issued a warning that Chinese hackers attacking pharmaceutical companies, healthcare institutions and research centers focusing on Covid-19-related research pose a "significant threat" to the US response capabilities to the global pandemic.

 

"One tactic cyberattackers are now using against health care institutions is known as "password spraying," according to the advisory. The technique uses a single common word over many users on one network, in the hope that at least one account will be penetrated. The advisory also said outside contractors with access to medical information and research are often targeted."

NBC News, May 13, 2020

https://www.nbcnews.com/politics/national-security/feds-warn-chinese-att...


Zoom Lets Attackers Steal Windows Credentials, Run Programs via UNC Links

A vulnerability in the popular video communications platform Zoom lets hackers gain access to users' Windows login information.

Bleeping Computer, March 31, 2020

https://www.bleepingcomputer.com/news/security/zoom-lets-attackers-steal...


Ransomware wreaks havoc across Europe

Businesses in Italy and Switzerland are being targeted by hacking groups using ransomware. As ransomware attacks continue to increase globally, IT information security staff must increasingly rely on employee "best practices" and user education and awareness programs.

 

“A technical analysis of the incidents revealed that the IT security of the companies affected was often incomplete and the usual best practices were not fully observed. Furthermore, warnings from the authorities were not heeded.”

InfoSecurity, February 20, 2020

https://www.infosecurity-magazine.com/news/ransomware-wreaks-havoc-across/


United Arab Emirates chat app ToTok reported to be 'spyware'

A recent NYTimes investigative report discloses that a popular UAE web application often used on mobile devices, ToTok, is essentially a spying tool for the Persian Gulf nation.  ToTok's ability to collect and monitor user data makes it an effective 'spyware' tool. 

NYTimes, Dec 22nd, 2019

https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html

Users are advised to either remove the software or exercise caution when using the app, especially if they might be at a higher-than-normal risk of being targeted for surveillance by the UAE government. While the use of any messaging app increases the risk of exposure to users, some chat apps are viewed with greater suspicion because of their close ties to authoritarian governments.

Following this report, most of the US military has banned China-based TikTok and is re-examining other popular chat apps such as WeChat and Weibo.


Somebody’s Watching: Hackers Breach Ring Home Security Cameras

Ring Home Security camera customers in several states are reporting that their systems are being hacked. The company says that Ring Home Security cameras haven't suffered a breach, but that users are reusing passwords that have been exposed in previous security breaches making them easy to access using a hacking technique called credential stuffing.

NYTimes, December 15, 2019

https://www.nytimes.com/2019/12/15/us/Hacked-ring-home-security-cameras....


Ransomware attack strikes San Bernardino City Unified School District

On October 20th, a ransomware attack on the San Bernardino City Unified School District caused numerous problems for students and faculty throughout the organization.

KTLA, October 20th, 2019

https://ktla.com/2019/10/20/ransomware-attack-locks-san-bernardino-city-unified-school-district-computer-system/


A vulnerability in Sudo, a core command utility for Linux, could allow a user to execute commands as a root user

Sudo is a utility that allows a system administrator to give certain users (or groups of users) the ability to run commands in the context of any other user – including as root – without having to log in with a different profile. Sudo also logs all commands and arguments in a centralized audit trail system, so admins know which user performed which command and in which context.

threatpost.com, October 15th, 2019

https://threatpost.com/sudo-bug-root-access-linux/149169/


MacOS users targeted with new Tarmac Malware, installing a possible back door into your Mac

Security researchers have discovered a new piece of Mac malware; however, some of its purpose and full features will remain a mystery for a little longer. Named Tarmac (OSX/Tarmac), this new malware was distributed to macOS users via online malvertising (malicious ads) campaigns.

ZDNet, Oct 11th, 2019

https://www.zdnet.com/article/macos-users-targeted-with-new-tarmac-malware/


Chegg resets 40 million user passwords after data breach

In September of 2018, Chegg, a major textbook rental and online tutoring services company, reported it had suffered a data breach affecting the data of 40 million customers. The data involved in this breach includes users' names, email addresses, passwords, and shipping addresses. This is one of the largest breaches of data affecting college and university students to date. While Chegg took action in 2018 by resetting user passwords on their site, the stolen data is now in the hands of cyber-criminals and it's possible that students and former students may have used the same or similar passwords for other account logins across other websites.

TechCrunch, Sep 26, 2018

https://techcrunch.com/2018/09/26/chegg-resets-40-million-user-passwords-after-data-breach/


Hackers beat university cyber-defences in two hours

A team of ethical hackers conducted penetration testing to measure cyber-defence for approximately 50 major Universities and research centers in the UK in 2019. The hacking team was able to gain access to research networks, personal information, and financial systems within two hours or less. They report that spear-phishing was the most effective method for network penetration. This testing was part of a nation-wide program to measure and improve cybersecurity in the UK.

BBCNews, Apr 4, 2019

https://www.bbc.com/news/education-47805451


Town Avoids Paying Massive $5 Million Ransom in Cyberattack

In July of 2019, the city of New Bedford, Mass. was the victim of a ransomware attack that affected approximately 3,500 computers. The hackers made a ransom demand of $5.3 million in bitcoin in order to decrypt the city's files. City officials attempted to negotiate with the hackers to reduce the ransom amount and to gain more time as they attempted to recover and restore encrypted files. This approach worked for New Bedford and they were able to restore many files from backup and reconstruct the missing data. There is an ongoing debate at this time about whether or not victims should pay the ransom.

NPR, Sep 6, 2019

https://www.npr.org/2019/09/06/758399814/town-avoids-paying-massive-5-million-ransom-in-cyberattack


No municipality paid ransoms in ‘coordinated ransomware attack’ that hit Texas

None of the 22 Texas towns and municipalities that were victims of a massive ransomware attack in mid-August of 2019 paid the $2.5 million ransom demanded of them by the hackers. Texas officials based the decision not to pay largely on public sentiment that taxpayer money should not go to pay hackers. Many people believe paying the ransom incentivizes cyber-criminals to launch more ransomware attacks.

ZDNet, Sep 7, 2019

https://www.zdnet.com/article/no-municipality-paid-ransoms-in-coordinated-ransomware-attack-that-hit-texas/


Ransomware Attack Hits 22 Texas Towns, Authorities Say

On August 16, 2019, hackers launched a large-scale "coordinated" ransomware attack on 22 towns in Texas. The cyberassault began Friday morning and mainly affected city business and financial operations. Interrupted services include processing utility payments and issuing permits, as well as birth and death certificates. Officials say this attack is the first of its kind where one individual or hacking group has targeted multiple cities at once. It is being viewed as a wake-up call for small towns in rural areas.

NYTimes, Aug 20, 2019

https://www.nytimes.com/2019/08/20/us/texas-ransomware.html