A ransomware gang claims to have successfully attacked three universities within the last seven days. They say that their latest attack was against the University of California San Francisco, or UCSF, on June 3.

Cointelegraph had access to the evidence published by NetWalker, a group of hackers, on their official dark web blog. In this blog, they claimed to have stolen sensitive data, including student names, social security numbers, and financial information.

NetWalker threatened to leak the data in less than a week if crypto payment in Bitcoin (BTC) is not made. The information is from Michigan State, Columbia College of Chicago, and UCSF.

Educational services and ransomware attacks

As of press time, Michigan State University’s data was also reportedly stolen. The group is also threatening to release student data, according to the countdown displayed on NetWalker’s blog site.

Source: Brett Callow’s research

Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft and one of the first experts who spotted the massive attack, says that ransomware attacks in the education sector are an “enormously disruptive and costly problem.”

He relies on the latest Emsisoft’s data, which states that in 2019, at least 89 universities, colleges, and school districts were impacted by ransomware. He suspects that up to 1,233 individual schools were potentially affected.

Callow adds that the trend is continuing into 2020 with at least 30 universities, colleges, and school districts already impacted this year. Regarding the attack on the three US universities, Emsisoft’s threat analyst warned:

“(…) Even if the universities do pay, that will not solve the problem as they will only have a pinky promise.”

University leading COVID-19-related antibody tests attacked

UCSF confirmed to Bloomberg that they were the target of an “illegal intrusion,” although they did not provide further details about the attack.

The educational institution is one of the universities leading antibody testing and clinical trials for possible coronavirus treatments.

Callow advises the education sector that systems should be promptly patched, email filtered, PowerShell disabled when not needed, and MFA used everywhere that it can be used. He adds that adhering to well-established best practices can “significantly reduce the likelihood of an organization being successfully attacked.”

The Emsisoft analyst adds the following regarding the threat level of recent ransomware attacks:

“Every time a ransom is paid, the criminals become more motivated and better resourced. The only way to stop ransomware attacks is to cut off the cash flow, and that means organizations must improve their security so as not to be in the position of needing to pay ransoms.”

Recently, Cointelegraph reported the latest findings of Verizon’s 2020 Data Breach Investigation Report, which revealed that education services worldwide have been witnessing a surge in ransomware attacks in 2020.