Friday, January 15, 21:20

FBI: Warns of Netwalker ransomware targeting organizations

The FBI has issued a security alert warning that Netwalker ransomware operators are targeting organizations in the USA and other countries. The alert advises victims not to pay the ransom and to report attacks to the FBI. It also contains indicators of compromise associated with Netwalker ransomware, which is also known as "Mailto". In addition, the FBI lists measures it recommends organizations take to mitigate these attacks.

According to the FBI, Netwalker operators began targeting U.S. and foreign organizations in June 2020, after successfully encrypting systems on the networks of the UCSF School of Medicine and the Australian transport and logistics company Toll Group. Toll Group was later hit again, this time by Nefilim ransomware, and Lorien Health Services was attacked earlier this month.


The FBI also notes that Netwalker operators took advantage of the COVID-19 pandemic in their attacks, compromising a large number of unsuspecting victims in March through phishing emails carrying a Visual Basic Scripting (VBS) loader.

Starting in April 2020, Netwalker operators gained access to target networks by exploiting vulnerable VPN appliances and web-application user-interface components, or by brute-forcing weak Remote Desktop Protocol (RDP) passwords. Two of the vulnerabilities most commonly exploited by Netwalker operators are an unauthenticated arbitrary file read in Pulse Secure VPN (CVE-2019-11510) and a deserialization remote code execution flaw in Telerik UI for ASP.NET AJAX (CVE-2019-18935).

The Netwalker group also recently posted an advertisement stating that it was looking for new affiliates who could provide access to large corporate networks.


What mitigation measures is the FBI proposing?

  • Organizations can significantly reduce their chances of falling victim to Netwalker ransomware by using multi-factor authentication (MFA) together with strong passwords, and by keeping all devices and software on their networks up to date.
  • The FBI also recommends running anti-virus or anti-malware software on all network computers, using only secure networks and avoiding public Wi-Fi. Organizations should also consider installing and using a VPN.
  • A particularly important measure proposed by the FBI is to keep backups either on external storage devices or in the cloud, separated from the production network, so that it is more difficult or even impossible for intruders to reach and encrypt them.

Once Netwalker operators have gained a foothold in a target's network, they use various malicious tools to harvest administrator credentials and steal sensitive information, which they later use to pressure the victim into paying the ransom; they then encrypt the data on all Windows devices on the network.

The Netwalker group has uploaded stolen data to the cloud storage and file-sharing service MEGA.NZ (MEGA), either through the MEGA website or by installing the MEGA client application directly on the victim's computer, and then leaked the data from there. In June, the group switched from uploading and leaking stolen data via MEGA to a different file-sharing service.
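As an added example of what a defender can look for, the script below triages two constructed log sources for the tradecraft the FBI alert describes: web access logs for exploitation attempts against the Pulse Secure (CVE-2019-11510) and Telerik UI (CVE-2019-18935) flaws named earlier, and endpoint process-creation events for the MEGA client being launched on a host. This is example code written for this page, not code from the FBI alert, from Netwalker, or from any vendor; the log formats, the MEGA process-name list and the sample log lines are assumptions constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Public request signatures for the two CVEs named in the FBI alert.
# CVE-2019-11510: unauthenticated path traversal in Pulse Connect Secure that
# reads arbitrary files through the HTML5 access (guacamole) endpoint.
PULSE_TRAVERSAL = re.compile(r"/dana-na/\.\./dana/html5acc/guacamole/(?:\.\./)+", re.I)
# CVE-2019-18935: the RadAsyncUpload handler (type=rau) of Telerik UI for
# ASP.NET AJAX is the entry point used by the .NET deserialization exploit.
TELERIK_RAU = re.compile(r"Telerik\.Web\.UI\.WebResource\.axd\?type=rau", re.I)

# Image names of the MEGA desktop client (assumed list for this example).
MEGA_PROCESSES = {"megasync.exe", "megacmd.exe", "megacmdserver.exe"}

# Combined-log style access line (assumed format):
# client - - [timestamp] "METHOD path HTTP/x" status size
ACCESS_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass
class Alert:
    rule: str
    source: str   # client IP for web hits, hostname for process events
    evidence: str


def scan_access_log(lines):
    """Flag requests matching the two initial-access CVEs."""
    alerts = []
    for line in lines:
        m = ACCESS_LINE.match(line)
        if not m:
            continue
        # Decode %2e%2e/ style encoding so an encoded traversal is not missed.
        path = unquote(m.group("path"))
        if PULSE_TRAVERSAL.search(path):
            alerts.append(Alert("CVE-2019-11510 traversal", m.group("ip"), path))
        elif TELERIK_RAU.search(path) and m.group("method").upper() == "POST":
            # Legitimate RadAsyncUpload traffic also POSTs here; treat this as a
            # lead to verify against the application's normal upload usage.
            alerts.append(Alert("CVE-2019-18935 RAU upload", m.group("ip"), path))
    return alerts


def scan_process_log(lines):
    """Flag process-creation events that launch the MEGA client.

    Assumed record format: tab-separated "timestamp host user image cmdline".
    """
    alerts = []
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 5:
            continue
        _ts, host, _user, image, _cmdline = parts[:5]
        exe = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if exe in MEGA_PROCESSES:
            alerts.append(Alert("MEGA client execution", host, image))
    return alerts


# Constructed sample input (not real victim data).
SAMPLE_ACCESS = [
    '203.0.113.7 - - [10/Apr/2020:03:12:44 +0000] "GET /dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/ HTTP/1.1" 200 1304',
    '198.51.100.9 - - [10/Apr/2020:03:13:01 +0000] "POST /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.1" 200 219',
    '192.0.2.5 - - [10/Apr/2020:03:14:10 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 5120',
]
SAMPLE_PROCS = [
    "2020-06-03T21:04:10Z\tFS01\tCORP\\svc_backup\tC:\\Users\\Public\\MEGAsync.exe\tMEGAsync.exe",
    "2020-06-03T21:05:00Z\tFS01\tCORP\\svc_backup\tC:\\Windows\\System32\\svchost.exe\tsvchost.exe -k netsvcs",
]

if __name__ == "__main__":
    for a in scan_access_log(SAMPLE_ACCESS) + scan_process_log(SAMPLE_PROCS):
        print(f"[{a.rule}] {a.source}: {a.evidence}")
```

Run against the constructed samples, the traversal request and the POST to the Telerik upload handler are flagged while the ordinary Pulse login-page request is not, and only the MEGAsync launch from a user-writable directory produces a process alert. In a real deployment the web rules belong on the VPN appliance and reverse-proxy logs, the process rule on endpoint telemetry such as Sysmon event 1, and a hit on the Telerik rule should be confirmed by checking whether the application actually uses RadAsyncUpload before treating it as exploitation.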

The FBI advises victims not to pay the ransom after such attacks, as payment does not guarantee that encrypted devices will be recovered. However, the FBI acknowledges that when organizations face operational disruption, executives will evaluate all options to protect their employees and customers.

