On Wednesday, May 27th, the threat group behind the NetWalker ransomware published initial information about their latest claimed victim, Michigan State University. Binary Defense analysts found a few screenshots of allegedly stolen data that were already published on the site, including what appears to be a financial operating statement from the Physics-Astronomy department from August 2015, and a scanned passport issued by the People’s Republic of China. Other screenshots show lists of files and folders that the attackers apparently had access to. The NetWalker data leak site displays a week-long countdown timer for each set of stolen data. After the timer reaches zero, the stolen data is automatically published unless the victim pays the attackers’ demanded extortion amount. Dan Olsen, deputy spokesperson at MSU, confirmed that the university was recently the victim of a NetWalker ransomware security breach. “Within hours of the intrusion, MSU IT took prompt action and notified law enforcement agencies,” Olsen said. “At this time, we believe the intrusion is isolated to one unit on campus.”

Screenshot from the NetWalker blog on May 29th, 2020.