Saturday, October 24, 02:47

FBI warns of Netwalker ransomware targeting organizations

The FBI has issued a security warning about Netwalker ransomware operators targeting organizations in the USA and in other countries, advising ransomware victims not to pay the ransom and asking them to report to the FBI. The FBI warning also contains some indicators of a breach related to the Netwalker ransomware, which is also known as "Mailto". In addition, the FBI released a list of measures it recommends that agencies take to mitigate these attacks.

According to the FBI, ransomware operators began targeting U.S. and other organizations in June 2020 after successfully encrypting systems in the network of UCSF Medical School and the Australian transport and logistics company "Toll Group". Toll Group was "hit" again by Nefilim ransomware, as well as Lorien Health Services, earlier this month.


In addition, the FBI notes that Netwalker ransomware operators have taken advantage of the COVID-19 pandemic in their attacks, managing to compromise a large number of unsuspecting victims in March through phishing emails carrying a Visual Basic Scripting (VBS) loader.

Starting in April 2020, Netwalker ransomware operators began exploiting vulnerable VPN devices, user interface components in web applications, or weak RDP connection passwords to access their target networks. Two of the most common vulnerabilities exploited by Netwalker operators affect Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).

The Netwalker ransomware team also recently released an ad in which it stated that it was looking for new partners who could offer it access to large corporate networks.


What mitigation measures is the FBI proposing?

  • Organizations can significantly reduce their chances of falling victim to Netwalker ransomware by using multi-factor authentication (MFA) with strong passwords and keeping all devices and software in their networks up to date.
  • The FBI also recommends using anti-virus or anti-malware software on all network computers, while organizations should use only secure networks and avoid public Wi-Fi networks. In addition, they should consider installing and using a VPN.
  • A very important measure proposed by the FBI is keeping backups stored either on external storage devices or in the cloud, so that it is more difficult or even impossible for would-be intruders to access and encrypt them.

Once Netwalker ransomware operators have successfully penetrated the network of a compromised target, they use various malicious tools to collect admin credentials, steal sensitive information (which they can later use to persuade the target to pay the ransom), and encrypt the data on all Windows devices on the network.

The Netwalker ransomware team has uploaded stolen data to the cloud storage and file sharing service MEGA.NZ (MEGA), either through the MEGA website or by installing the MEGA client application directly on the victim's computer. In addition, in June, the team went from uploading and releasing stolen data on MEGA to uploading the stolen data to another file sharing service:

The FBI advises victims not to pay the ransom after such attacks, as this does not guarantee the successful recovery of encrypted devices. However, the FBI understands that when agencies face operational weaknesses, executives will evaluate all options to protect their employees and customers.
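
The uploads of stolen data to MEGA described above can be hunted for in web-proxy egress logs by totalling the bytes each internal client sends to the watched domain. This is an added example, not part of the FBI warning or the original article; the log layout, the host names, and the 500 MiB threshold are assumptions, and the sample lines are constructed.

```python
import csv
import io
from collections import defaultdict

WATCHED_SUFFIXES = ("mega.nz",)        # domain named in the article
THRESHOLD_BYTES = 500 * 1024 * 1024    # assumed per-client limit; tune locally

# Constructed sample proxy log (assumed layout):
# timestamp, client host, HTTP method, destination host, bytes sent
SAMPLE_LOG = """\
2020-07-20T01:12:03Z,FS01,POST,upload.mega.nz,420000000
2020-07-20T01:19:44Z,FS01,POST,upload.mega.nz,380000000
2020-07-20T02:05:10Z,WS17,GET,mega.nz,1200
2020-07-20T02:06:31Z,WS17,POST,mega.nz,5000000
2020-07-20T03:00:00Z,WS22,POST,omega.nz,900000000
2020-07-20T03:10:00Z,FS01,POST,upload.mega.nz,not-a-number
"""


def is_watched(host):
    """True if host is a watched domain or one of its subdomains."""
    host = host.strip().lower().rstrip(".")
    # Match on a label boundary so "omega.nz" is not mistaken for "mega.nz".
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def flag_bulk_uploads(log_text, threshold=THRESHOLD_BYTES):
    """Return {client: bytes_sent} for clients at or above the threshold."""
    totals = defaultdict(int)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed lines
        _ts, client, method, dest, sent = row
        # Only request bodies count as uploads.
        if method.upper() not in ("POST", "PUT") or not is_watched(dest):
            continue
        try:
            totals[client] += int(sent)
        except ValueError:
            continue  # unparseable byte count
    return {c: n for c, n in totals.items() if n >= threshold}


if __name__ == "__main__":
    for client, sent in flag_bulk_uploads(SAMPLE_LOG).items():
        print(f"{client}: {sent} bytes uploaded to a watched file-sharing domain")
```
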

