Friday, August 7, 11:49

FBI warns of Netwalker ransomware targeting organizations

The FBI has issued a security warning about Netwalker ransomware operators targeting organizations in the USA and in other countries, advising ransomware victims not to pay the ransom and asking them to report incidents to the FBI. The FBI warning also lists some evidence that indicates a breach related to the Netwalker ransomware, which is also known as "Mailto". In addition, the FBI released a list of measures it recommends that agencies take to mitigate these attacks.

According to the FBI, ransomware operators began targeting U.S. and other organizations in June 2020 after successfully encrypting systems in the network of UCSF Medical School and the Australian transport and logistics company "Toll Group". Toll Group was "hit" again by Nefilim ransomware, as well as Lorien Health Services, earlier this month.

In addition, the FBI notes that Netwalker ransomware operators have taken advantage of the COVID-19 pandemic in their attacks, managing to put a large number of unsuspecting victims at risk in March through phishing emails carrying a Visual Basic Scripting (VBS) loader.

Starting in April 2020, Netwalker ransomware operators began exploiting vulnerable VPN devices, user interface components in web applications, or weak RDP connection passwords to access their target networks. Two of the most common vulnerabilities exploited by Netwalker operators concern the Pulse Secure VPN (CVE-2019-11510) and the Telerik UI (CVE-2019-18935).

The Netwalker ransomware team also recently released an ad in which it stated that it was looking for new partners who could offer it access to large corporate networks.

What mitigation measures is the FBI proposing?

  • Organizations can significantly reduce their chances of falling victim to Netwalker ransomware by using multi-factor authentication (MFA) with strong passwords and by keeping all devices and software in their networks up to date.
  • The FBI also recommends using anti-virus or anti-malware software on all network computers, while organizations should use only secure networks and avoid public Wi-Fi networks. In addition, they should consider installing and using a VPN.
  • A very important measure proposed by the FBI is keeping backups stored either on external storage devices or in the cloud, so that it is more difficult or even impossible for would-be intruders to access and encrypt them.

Once Netwalker ransomware operators have successfully penetrated the network of a compromised target, they use various malicious tools to collect admin credentials, steal sensitive information that they can later use to persuade the target to pay the ransom, and encrypt the data on all Windows devices on the network.

The Netwalker ransomware team has uploaded stolen data to the cloud storage and file sharing service MEGA.NZ (MEGA), either through the MEGA website or by installing the MEGA client application directly on the victim's computer. In addition, in June, the team went from uploading and releasing stolen data to MEGA to uploading the stolen data to another file sharing service:

The FBI advises victims not to pay the ransom after such attacks, as this does not guarantee the successful recovery of encrypted devices. However, the FBI understands that when agencies face operational weaknesses, executives will evaluate all options to protect their employees and customers.

