On June 4, I noted that NetWalker ransomware operators had reportedly added the University of California at San Francisco to their website where they name victims who have not paid their ransom demands.
When I checked back today, I do not see UCSF still listed on NetWalker’s site, which is curious. But I also see that UCSF posted an update on their situation on June 17:
On June 1, UCSF IT staff identified and stopped an unauthorized access of a limited part of the School of Medicine’s IT environment while the intrusion was occurring. Out of an abundance of caution, we immediately isolated a wider range of the School’s servers than what the intrusion targeted and engaged a leading cybersecurity firm to assist in our response.
Importantly, we determined that our overall UCSF network was not affected, and there is no impact to patient care delivery operations.
We quickly launched an investigation to determine what information, if any, may have been impacted, and are cooperating with the FBI. Our assessment has determined that the vast majority of the School’s IT environment has not been impacted. We are making good progress and are optimistic that we will start bringing our isolated systems back online in about two weeks. As we complete our recovery work, some of the School’s systems may remain unavailable.
In order to preserve the integrity of the investigation, we are limited in what we can share at this time and appreciate everyone’s patience as we resolve this situation.
So it sounds like they did not pay any demands. And they are not publicly confirming that they were attacked by NetWalker ransomware.
Why are they no longer on NetWalker’s site? Interesting….