Cybercriminals attacked UCSF, US leading COVID-19 vaccine developer

Cybercriminals attacked UCSF

Using ransomware, cybercriminals attacked the University of California, San Francisco (UCSF), one of the leaders in developing a vaccine against COVID-19.

The university administration confirmed to Bloomberg reporters that it was the victim of an “illegal invasion”, but did not specify which part of the IT infrastructure was damaged.

UCSF experts are leaders in the United States in the field of antibody testing and the development of treatment for coronavirus infection. Here were tested antimalarial drugs, which President Donald Trump called the possible cure for COVID-19. However, scientists refuted this statement.

“Hackers are increasingly targeting institutions like UCSF not only for ransomware payments themselves, but also for possibly lucrative intellectual property, like valuable research on a cure for Covid-19. UCSF has engaged in extensive sampling and anti-body testing, including on the experimental anti-viral drug remdesivir, which has shown signs of being effective early in the Covid-19 life-cycle”, — write Bloomberg reporters.

According to Peter Farley, head of the UCSF public relations department, cyberattack did not affect studies involving patients.

Cybercriminals attacked UCSF

The UCSF administration reported about the incident to law enforcement and turned to cybersecurity experts for help.

“With their help, we conduct a thorough assessment of the incident, including finding out what information could have been compromised”, — said Fairley, adding that he could not disclose any details while the investigation was ongoing.

It seems that the attackers encrypted the UCSF data and demanded a ransom for their recovery. Payment must be made before June 8 this year, and in case of non-payment, the extortionists promised to publish the “secret data” of the UCSF. It is not reported, what sum demanded the cybercriminals.

NetWalker ransomware operators confirmed responsibility for the attack on their blog on Darkweb.

“Attack groups often post data samples to prove the success of their breach. In this case, their blog posted four screenshots, including of two files accessed by the attackers. The files’ names, seen by Bloomberg on the darkweb, contain possible references to the U.S. Centers for Disease Control and Prevention and departments central to the university’s coronavirus research”, — writes Bloomberg.

Let me remind you that just recently Europe’s largest private hospital operator Fresenius attacked with Snake ransomware.


Netwalker ransomware was first introduced and operated by the criminal cyber group dubbed Circus Spider by CrowdStrike Inc. Since September 2019, Netwalker ransomware has been actively used by criminal actors with links to malware including Mailto, Koko, and KazKavKovKiz.[/box]

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *