NetWalker ransomware continues streak of college attacks

The University of California, San Francisco and Columbia College in Chicago were hit by the same malware that recently targeted Michigan State University.
UCSF Fresno
(Flickr / Nightryder84)

A form of ransomware known as NetWalker added two more colleges to its list of victims Wednesday by claiming to have stolen files from Columbia College in Chicago and the University of California, San Francisco, according to screenshots posted on a blog maintained by the hackers behind the attacks.

The posts contained what appear to be screenshots of student and faculty records — that include personally identifiable information — which the hackers described as a sample of what they plan to publish on dark-web forums if their ransom demand is not paid. Both posts included countdown clocks threatening publication of the stolen files within one week.

“Dear Columbia College of Chicago, we invite you to talk with us before this breach goes public and affect your business and your students private data,” one of the posts reads. “We have very highly sensitive data like social security numbers and other private information which we can send samples to you as proof. We hope that you care for your students and are willing to work with us before this sh!t hits the fan on your College. If we don’t hear from you soon, all data like social security numbers and other will be sold on open markets of the dark web, either way, we are getting paid, now you choose how you want to handle this incident.”

The attacks bear similarity to one NetWalker carried out last week against Michigan State University, which also threatened the publication of stolen student, personnel and financial records if a ransom was not paid within seven days. In a statement Wednesday, Michigan State said its incident was limited to a single academic department — physics and astronomy — and that no ransom was paid. The Big Ten school also said it was working with law enforcement to remedy and investigate the attack.


“First and foremost, our priority is determining what information was compromised and then working with anyone who may have been affected to provide them with the appropriate support,” said MSU Chief Information Officer Melissa Woo, according to the statement.

The statement went on to say that MSU is notifying individuals whose records — which included passports and other sensitive documents — were exposed.

Ransomware continues to be a nagging problem for the education sector. While more prevalent in K-12 systems, higher education institutions have not been spared. According to the cybersecurity firm Emsisoft, no fewer than 89 colleges and universities were attacked in 2019, and at least 30 have been affected by ransomware so far this year.

Columbia College did not respond to questions about the incident on its network. In a brief statement, a UCSF official said its IT staff detected a network intrusion on Monday and took “prompt action” to isolate and contain the malicious activity, and that the school has since reached out to cybersecurity consultants and law enforcement.

“With their assistance, we are conducting a thorough assessment of the incident, including a determination of what, if any, information may have been compromised,” the UCSF statement read.


The school, which is dedicated entirely to postgraduate health and science instruction, has been leading research efforts on the coronavirus pandemic and providing diagnostic testing to residents of the San Francisco Bay Area, in addition to treating COVID-19 patients at its more-than 20 hospitals and clinics. While it declined to comment further on the extent of the ransomware attack, UCSF noted in its statement that its patient care has “not been affected” by the incident.

Latest Podcasts