Bloomberg:
Transcripts reveal University of California at San Francisco’s weeklong negotiation to free its ransomware-locked servers. The haggling worked, sort of
Great article, but it is missing a key ingredient: how did the attackers get in in the first place? Answer: phishing. And why didn't their anti-malware prevent this? Most likely it was not implemented correctly, and/or their anti-malware vendor did not provide effective sandboxing.
Still a great read. Link to the Bloomberg article here
According to the hackers’ dark web blog, the ransomware used to attack UCSF came from Netwalker, a hacking operation that has boomed since last fall. Netwalker malware can be leased by would-be attackers as a kind of franchise program. In March, the group posted a dark web want ad to recruit new affiliates. The qualifications included: “Russian-speaking network intruders—not spammers—with a preference for immediate, consistent work.” In June, a further ad prohibited English speakers from applying, according to Cynet, a digital security company in Tel Aviv.
Tripwire's Graham Cluley published a FAQ on Netwalker last May if you wish to read more. Here is the link
For a more in-depth look at Netwalker, Sophos has a great article here: https://news.sophos.com/en-us/2020/05/27/netwalker-ransomware-tools-give-insight-into-threat-actor/