Over the past few weeks, attackers have hit universities in the United States, stealing unencrypted data and then encrypting university computers for ransom. The data taken from these universities has consisted of student applications with Social Security numbers, a spreadsheet, a folder listing that had employee information, medical studies from a university, and financials. The hackers are promising that if the ransom isn't paid, they will leak this information. While the list of affected universities is short, this group has successfully launched attacks against Columbia College of Chicago, Michigan State University, and recently the University of California San Francisco. At the same time, it seems these universities have taken the stance that they won't be paying the ransom and have notified those affected depending on the level of infection.
Netwalker is a relatively new player in the world of ransomware. Known initially as Mailto, Netwalker has been successfully going after large targets since emerging in 2019, when the group carried out a massive attack against the Australian Toll Group that compromised around 1,000 systems. The attack forced the company to shut down and fix those devices while it reverted to manual processes to clear the backlog of undelivered local and international Australian parcels. While there was no indication that personal information or data was stolen, it seems the group has now found a way to level up its attacks and get sensitive data that carries a price to keep secret.
It's believed that the group takes advantage of Remote Desktop services on these systems and uses spam to try to access enterprise-level networks, where it takes the information listed above.
For starters, you can look at your Remote Desktop services and make sure these things are done.