Netwalker has been making a name for themselves after being rebranded in February 2020 from their original name Mailto. A steady stream of victims has been claimed by the group in their announcements and not all have been universities. The ransomware has targeted exposed Remote Desktop Services in the past to gain initial access to enterprise networks. Once the operators have access to the network, they will expand their access to as many workstations and servers as they can to steal sensitive files before encrypting the devices. Because of the most recent attacks on universities, it could point to a significant vulnerability in a commonly used software or application within universities. Because of the most recent trend in ransomware of selling or leaking stolen data or files if the ransom is not paid, backups sometimes cannot be enough to fully protect a victim, though regularly scheduled and tested backups are still the most important practice for recovery. With budget cuts and traditional ways of schooling being altered over the past few months, many people feel the need to cut down on spending within their organizations, and often cuts for security come first. Attacks like these show how imperative it is to continue proper security measures to protect organizations, because recovering from an extensive attack can be far more costly than the security services that would have prevented the attack. A service such as Binary Defense’s Managed Detection and Response or SIEM monitoring can identify these attacks and stop them from moving throughout an entire network, minimizing the damage and the leverage an attacker may gain over their victim.

More can be read here: https://www.bleepingcomputer.com/news/security/netwalker-ransomware-continues-assault-on-us-colleges-hits-ucsf/?&web_view=true