“Waiting for payment”: The Danger and Defense Against Netwalker Ransomware

7 January 2021

Ransomware is malware that a cybercriminal uses to take control of your computer and block access to your own files by encrypting them. You are then warned that to unlock your files you will have to pay a large amount of money (ransom).

Ransomware is nothing new. We’ve all heard of it before. In fact, it remains one of the top 3 cyber threats that cybercriminals use to this day.

So, what on earth is this Netwalker Ransomware?

What is Netwalker Ransomware?

Netwalker, previously known as Mailto, is a new strain of ransomware discovered in August 2019. The data gathered so far indicates that this type of ransomware was created by a Russian-speaking group of hackers.

Netwalker both encrypts and exfiltrates all of the data its operators breach. They temporarily hold important files and add extortion to the mix by threatening to make the data public. The desired effect is to make the victim feel that there is no option other than to pay.

What’s worse is that they invite other interested cybercriminals to spread the malware by posting on Russian dark web forums.

According to Heimdal Security, affiliates are offered a cut of up to 84% of the payout if the previous week’s earnings exceed $300,000. If the earnings are below this sum, they can still easily gain around 80% of the total value. The remainder of 16-20% goes to the group behind Netwalker.

How do they infect your computer system?

Netwalker distributes the malware through phishing emails. These emails appear to come from legitimate sources. Most of these phishing emails disguise themselves to appear COVID-19 crisis-related. In this case, victims are tricked into clicking the links or attached files.

Once the victim clicks the link or attached file, they will notice that their computer system has been compromised. They are presented with a ransom note saying “waiting for payment” and demanding payment in exchange for full decryption of their compromised data.

When the ransom note has been deployed, the data is published on the dark web and shown to the victim as proof of the breach. This pushes the victim to pay the ransom to avoid further issues.

Who are their targets?

Netwalker Ransomware targets Windows-based systems. These bad actors mostly target large organizations including:

  • Telecommunications
  • Businesses
  • Schools
  • Government institutions
  • Health organizations

Some of the notable victims of Netwalker Ransomware are:

How to protect yourself and your organization against Netwalker Ransomware?

  • Be wary of emails asking you to click links or download files
  • Use two-factor authentication with strong passwords
  • Change your passwords regularly
  • Back up all of your data on hard drives
  • Install antivirus and antimalware software (update regularly)
  • Raise awareness amongst your colleagues/staff about cybersecurity threats

Bottom line

Netwalker is a serious ransomware threat. As you can see, large organizations have been among its victims. The attackers can use you as a victim to infiltrate your organization’s network.

Protect your organization the way you protect yourself.

Always be proactive when it comes to ransomware attacks.

Being proactive is taking full responsibility for yourself and your organization rather than just watching how things happen.
