Paid Netwalker Ransoms Total $25 Million in Just Five Months

NJCCIC Alert

Original Release Date: 8/6/2020

Summary

Netwalker is a human-operated Ransomware-as-a-Service (RaaS) operation first observed in mid-2019. The operators behind the ransomware gain 60-70 percent of the ransom payments collected by the RaaS users. According to McAfee, between March 1, 2020 and July 27, 2020, the total amount netted through Netwalker ransoms was $25 million. As with several other ransomware variants, Netwalker operators may exfiltrate victim data before encrypting it so that they can threaten to release the data if a ransom payment is not made. The operators run a data leak website where their users can upload data stolen from victims and schedule the data to be released at a certain time.

Recommendations

The NJCCIC recommends reviewing the FBI Flash for indicators of compromise associated with the Netwalker ransomware and following the recommendations in the Ransomware: Risk Mitigation Strategies guide to reduce risk and impact if victimized. Recommendations include having a comprehensive data backup plan that requires keeping multiple tested backups off the network, with at least one in a separate and secure location.

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov
