{
	"id": "0e6ed131-6fcd-4a1d-a08e-3fba57d778fb",
	"created_at": "2026-04-06T00:19:11.510664Z",
	"updated_at": "2026-04-10T13:12:41.510081Z",
	"deleted_at": null,
	"sha1_hash": "3c1b61c3f08be957ea78c52661c2fe23207fec56",
	"title": "Netwalker ransomware continues assault on US colleges, hits UCSF",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1943726,
	"plain_text": "Netwalker ransomware continues assault on US colleges, hits UCSF\r\nBy Lawrence Abrams\r\nPublished: 2020-06-03 · Archived: 2026-04-05 12:55:02 UTC\r\nThe Netwalker Ransomware operators claim to have successfully attacked the University of California San Francisco\r\n(UCSF), stolen unencrypted data, and encrypted their computers.\r\nUCSF is a research university located in San Francisco, California, and is entirely focused on health sciences.  According to\r\nthe U.S. News \u0026 World Report's college rankings, UCSF ranks #2 in medical schools for research and #6 in best medical\r\nschools for primary care.\r\nOver the past week, the Netwalker Ransomware operation has been targeting U.S. colleges and threatening to release their\r\ndata \r\nhttps://www.bleepingcomputer.com/news/security/netwalker-ransomware-continues-assault-on-us-colleges-hits-ucsf/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/netwalker-ransomware-continues-assault-on-us-colleges-hits-ucsf/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nOn May 28th, Netwalker posted on their data leak that they had encrypted Michigan State University, and if a ransom was\r\nnot paid, they would publicly release stolen data if not paid. This deadline has come and gone, and the ransomware operators\r\nhave publicly released their data.\r\nNext, they claimed to have attacked Columbia College of Chicago, and once again threatened to release the stolen data if not\r\npaid.\r\nToday, Netwalker states that they allegedly attacked another U.S.-based college, University of California San Francisco.\r\nUCSF entry on Netwalker's data leak site\r\nAs part of this leak, the threat actors have posted screenshots of some of the stolen files.\r\nThese images include student applications with social security numbers, a spreadsheet, and folder listings that appear to\r\ncontain employee information, medical studies, and financials.\r\nLeaked student application with SSN\r\nBleepingComputer has contacted the University of California San Francisco to confirm the attack but has not received a\r\nreply.\r\nNetwalker is becoming a bigger threat\r\nStarting as the Mailto ransomware in October 2019, the ransomware rebranded as Netwalker in February 2020.\r\nhttps://www.bleepingcomputer.com/news/security/netwalker-ransomware-continues-assault-on-us-colleges-hits-ucsf/\r\nPage 3 of 4\n\nNetwalker has steadily been making a name for itself as it continues to announce a steady stream of successful attacks,\r\nincluding one against the Australian transportation company Toll Group,\r\nThis ransomware operation is known to target exposed Remote Desktop Services and use spam to gain access to enterprise-networks where it then steals unencrypted files before encrypting the computers.\r\nAs their latest disclosed victims have all been colleges, it may indicate a vulnerability in a commonly used application or\r\ndevice, or simply exposed Remote Desktop servers.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/netwalker-ransomware-continues-assault-on-us-colleges-hits-ucsf/\r\nhttps://www.bleepingcomputer.com/news/security/netwalker-ransomware-continues-assault-on-us-colleges-hits-ucsf/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/netwalker-ransomware-continues-assault-on-us-colleges-hits-ucsf/"
	],
	"report_names": [
		"netwalker-ransomware-continues-assault-on-us-colleges-hits-ucsf"
	],
	"threat_actors": [],
	"ts_created_at": 1775434751,
	"ts_updated_at": 1775826761,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3c1b61c3f08be957ea78c52661c2fe23207fec56.pdf",
		"text": "https://archive.orkl.eu/3c1b61c3f08be957ea78c52661c2fe23207fec56.txt",
		"img": "https://archive.orkl.eu/3c1b61c3f08be957ea78c52661c2fe23207fec56.jpg"
	}
}