Netwalker Ransomware Explained: What You Need to Know
Bug
Quote:

How Can You Protect Your Enterprise Against Netwalker Ransomware Attacks? Detailed Information on Netwalker Ransomware and How to Deal with It Proactively

Even though ransomware has been around since 1996, it is as much of a threat today as it was two decades ago. The most chilling part is that cyber-attackers are getting better at it.
 
As per a public service announcement issued by the FBI,
 
“Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information.

Although state and local governments have been particularly visible targets for ransomware attacks, ransomware actors have also targeted health care organizations, industrial companies, and the transportation sector.”

Not only are hackers becoming more refined in their approach, but it seems like they are also exploiting what is arguably the most notable crisis in modern times. I’m talking about the Coronavirus pandemic, of course. And yes, cybercriminals have already found a way to prey on our collective anxiety over it.

The latest ransomware to profit off of our worries is Netwalker. In the following lines, I will present its history thus far, as well as propose a few ways in which you can protect your data from it and similar attacks. So, without further ado, let’s get into it.

What Is Netwalker Ransomware?

Netwalker is a strain of ransomware discovered in September 2019, but its timestamp dates it back to late August. Initially believed to be a variant of Mailto, it has since been established to be an updated version of it. Mailto was discovered by independent cybersecurity researcher and Twitter user GrujaRS.

Data gathered so far indicates that Netwalker ransomware was created by a Russian-speaking group of hackers. This particular faction operates under the Circus Spider moniker.

The concept behind Netwalker is that of Ransomware-as-a-Service (RaaS), which means that Circus Spider provides others with the tools and infrastructure to hold files hostage in return for an affiliate payment. The group posted on dark web Russian forums inviting interested cybercriminals to become associates and spread the malware.

This malicious business model is nothing unheard of, being employed most notably by actors behind the GandCrab ransomware and its updated version Sodinokibi. Affiliates are offered a cut of up to 84% of the payout if the previous week’s earnings exceed $300,000. If the earnings are below this sum, they can still easily gain around 80% of the total value. The remainder of 16-20% goes to the group behind Netwalker.

Through this method, those involved earned 25 million dollars in just five months starting March 1st.

However, joining in comes with its own set of rules. Affiliates are prohibited from going against organizations located in the region of Russia and the Commonwealth of Independent States. What is more, it is stipulated that collaborators must always return the files of the victims who paid the ransom. Nonetheless, this is never a guarantee when it comes to ransomware hackers.

How Does Netwalker Ransomware Operate?

When Netwalker first started gaining traction among affiliates around March 2020, its MO was standard enough. Associates distributed the malware through spam emails that lured victims into clicking on phishing links and infecting the computers in their network. Their focus on mass volume meant that anyone was at risk of becoming a target.

This type of ransomware attack is categorized as belonging to a newer class of malware, namely that which spreads through VBScripts. What is nefarious about this technique is that, if successful, it reaches all the machines connected to the same Windows network as the original infection point.

However, as of April 2020, Netwalker ransomware switched its approach up and requested that affiliates do the same. Circus Spider started recruiting experienced network intruders to single out big targets such as private businesses, hospitals, or governmental agencies, rather than individual home users. Attackers gained unauthorized access to the networks of larger organizations by manipulating unpatched VPN appliances, weak Remote Desktop Protocol passwords, or exposed spots in web applications.

After acquiring unlawful entry, Netwalker ransomware then terminates all processes and services running on Windows, encrypts the files on the disk, and deletes backups that are stored in the same network. As a consequence, everything stored on the devices in the victim network is rendered inaccessible.

Attackers gain access to sensitive data, which they then use to blackmail victims into paying a ransom in exchange for their private files to remain private and not be leaked online. Screenshots of the stolen files together with a countdown are published on Netwalker’s public shaming website. Victims are given one week to pay the ransom, and if they fail to do so everything that was on their affected machines is exposed.

According to a Flash Alert issued by the FBI and distributed among potential victims, Telerik UI and Pulse Secure VPN are two of the most common vulnerabilities exploited by attackers attempting to infiltrate an organization’s network and execute Netwalker.
...