NetWalker Ransomware

NetWalker (which sometimes calls itself Mailto) is a dangerous ransomware group that specializes in targeting Windows platforms. They’ve been around for quite some time, but 2020 has seen them launch some of their most damaging attacks.

Like most ransomware families, they target your computer networks, encrypt your files, lock you out, and demand payment for granting you access to the systems. However, NetWalker is notorious for its insistence that ransom must be paid in cryptocurrency.

Ransomware Is a Common Thing. Why Should You Particularly Worry About NetWalker?

Of course, the consolation is that you have backed up all your data. If NetWalker attacks you, all you have to do is block them and resume normal operations — right?

With that reasoning, you are probably wondering how NetWalker has managed to extort more than $29 million since March this year alone.

Have you ever been in a position where you have to choose between denting your reputation and dishing out a few bucks? Well, maybe not that few — by the fourth quarter of 2019, organizations had to part with $84,116 on average for each ransomware attack.

NetWalker knows very well that data is the organization’s most valuable asset. So, they will give you two options — you either pay up, or they post private company credentials and those of its affiliates online.

So, a Reliable Backup Alone Does Not Keep You Safe?

Precisely. However, having all your data backed up is a good starting point. At least you can be sure to maintain essential operations as you try to find a long-lasting solution. This gives you better bargaining power with the attackers than if you had no backup.

If you can find a way to lock the attackers out, you could be as good as done. But then again, there is the threat of exfiltrated data. If NetWalker releases your files to the general public, it’s not only the organization that will be disadvantaged. You risk losing out with your affiliates who trusted you to protect their data. Just a heads up, rebuilding reputation lost in this manner is not a walk in the park.

This is what makes NetWalker more dangerous than regular cyberattackers. They learned the trade of blackmail and extortion from the likes of Maze ransomware and perfected it.

How Does NetWalker Infect Your Networks?

NetWalker, like many other ransomware groups, has been keen on weaponizing the Coronavirus pandemic. The next time you are clicking on an embedded image or link in your email, be sure it’s not from NetWalker. Many unsuspecting users have fallen for this trap — emails with very catchy wordings inviting you to click a link to access COVID-19 awareness material. The next thing you realize is that you cannot access your files, and then that message demanding ransom pops up.

The group is also notorious for using a bogus version of the password management app Sticky Password. The moment you or your users run the fake app, your files are encrypted.

That shouldn’t scare you as much as the fact that NetWalker is now offering ransomware-as-a-service (RaaS). It is supplying software and infrastructure to affiliates, who use them to launch attacks, for an affiliate fee.

What’s the danger with RaaS? Well, the gang prefers trading their tools to those who are experienced in successfully breaching corporate networks. An experienced crew is granted access to some of the most lethal ransomware tools to hack your systems.

Which Organizations Has NetWalker Attacked in the Recent Past?

Some of the most talked-about attacks include:

  • The Toll Group. This is one of the most extensive Australian transportation and logistics companies. When NetWalker attacked, they compromised over 1,000 servers. The impact was so massive that it was felt in India, the Philippines, and Australia. Although the firm resumed operations after some time, it is not clear if they paid ransom or how much they paid.
  • NetWalker also recently attacked CUPHD — the Champaign-Urbana Public Health District in Illinois. According to The Register, the district was forced to put up a temporary alternate website as they sought to solve the issue.
  • There were also reports that the gang infiltrated computers belonging to the city of Weiz in Austria.
  • The other victim is Michigan State University. NetWalker gave them seven days to pay up, or they would leak the data.

They Have Been So Busy Recently, Why Haven’t Authorities Hunted Them Down?

We would say it’s because they are cunning; they do not step on the ‘wrong toes.’ From the list of successful attacks that they have launched, it is pretty clear that NetWalker and its affiliates do not target networks belonging to CIS or Russia. This is seen by many as an effort to keep these two authorities off their radar.

Apart from the two entities, NetWalker does not discriminate on the type or scope of organizations they attack. What this means is that you are also a potential target.

How Can You Protect Your Business From NetWalker?

Generally, it’s by being prepared. Always assume that you are the next target.

The following questions should help you gauge your level of preparedness:

  • What proactive security measures do you have in place? Have you implemented password expiration and complexity protocols? Do you have a DNS filter for malware-infested emails?
  • Are you confident in your employees’ level of cybersecurity awareness? Besides being your first line of defense, they could also be the weak link.
  • Should you pay a ransom when attacked by NetWalker? This is at the discretion of the individual organization. However, always remember that making payments encourages the attacker to commit more cybercrime.
  • Is your IT service provider doing enough to protect your networks? In ideal circumstances, you’d expect the support company to draft preventative measures, response protocols, and train your employees on the same.

How High Are the Stakes?

To some, it has been a life-threatening encounter. Organizations take years to recover from the scare of a single cyberattack.

In IT, we say you are only as financially stable as your next cyberattack. Learn from the experience of other organizations. It may be too late if you wait for NetWalker to attack you.

Contact Veltec Networks for any queries. Call us today at (408) 797-0756, and let’s discuss your network’s security.

Duleep Pillai | Published on August 30, 2020
