What You Need to Know About Netwalker Ransomware

What is Netwalker?

Netwalker (initially named Mailto) is a strain of ransomware that was discovered in September 2019 but gained more traction among affiliates around March 2020 when the COVID-19 pandemic hit full force. Netwalker ransomware is being developed and maintained by a Russian-speaking actor designated as CIRCUS SPIDER.

These attackers gain access to sensitive data through email phishing and Big Game Hunting (BGH) tactics. Once a victim is compromised, the threat actors attempt to blackmail them, demanding a ransom in exchange for decrypting their private files or for not publishing their data online.

What is the difference between Netwalker and other types of ransomware?

Most ransomware hackers encrypt data to hold you hostage, but Netwalker also exfiltrates your data. The threat actors aggressively threaten to publish victims’ data on the internet if ransoms are not paid. Costs can range from a few hundred dollars to millions, in addition to the disruption suffered while data remains inaccessible. Pennsylvania is one of 24 states that require customer notification, “without unreasonable delay,” when a data breach affects more than 1,000 residents. The entire reputation of your company is at stake.

Does my backup data protect me?

If your backup is up-to-date and the attack hasn’t compromised it, then you have your data, and there’s a chance of getting your system operational again. However, it’s very important that you ensure that your systems are properly secured and that hackers haven’t maintained access, or you may fall victim again.

Even if your backup data is safe, you still run the risk of your data being exfiltrated. Not only is your business at risk, but your partners and customers are as well. Rebuilding trust and your corporate reputation is not likely to be easy – and it will be costly.

How do they infect your computer system?

The threat actors are exploiting the COVID-19 pandemic. They are sneaking into your inbox through Coronavirus phishing emails and spam. When recipients open these emails and click the malicious attachments or links, their computers become compromised, and the ransomware begins to spread throughout the network. Once the ransomware has infected your system, it may lie dormant for weeks before it encrypts your files and exfiltrates your data.

Is Netwalker Ransomware as a Service (RaaS)?

Netwalker is categorized as “ransomware-as-a-service” (RaaS). RaaS solutions are hosted anonymously by “professional” hackers who handle all aspects of the attack, from distributing ransomware to collecting payments and restoring access, in return for a cut of the loot.

The Netwalker organizers are posting on the dark web, inviting other criminals to become affiliates and help them spread the ransomware. Preference is being given to those with proven experience in cybercrime and existing access to corporate networks.

Affiliates are prohibited from targeting organizations located in the region of Russia and the Commonwealth of Independent States. It is agreed that collaborators must always return the files of the victims who paid the ransom. However, this is never a guarantee when it comes to ransomware criminals…

How can I protect my business?

Try to avoid Netwalker Ransomware (and all ransomware) by following IT best practices such as…

  1. Change user and administrator passwords regularly
  2. Train users on cybersecurity best practices
  3. Keep your operating systems patched and up to date
  4. Use sophisticated security solutions that help combat unknown threats
  5. Continually monitor your environment for malicious activity
  6. Properly configure backup solutions so a ransomware attack cannot compromise them

Your safest option is to have a managed service provider that understands the threat landscape. Ensure you have a breach response program in place and understand what your insurance does and does not cover. Having a 24/7 breach response team in your corner to help investigate, give advice, and provide you with assistance in your recovery from the attack is an essential part of protecting your business.

We’ve been hit by Netwalker – should we pay the ransom?

Paying the ransom should be your last resort, because even if you DO pay, there is no guarantee the hackers will give you back your information. They could still hold onto it and keep coming after you, your partners, and your customers…

However, you may understandably feel that your company has no choice but to pay the ransom if it wants to survive.

Ultimately, that’s a decision your company needs to make on its own.
