Tuesday, January 19, 02:16

NetWalker ransomware: Over $25 Million in Gang Profits Since March

NetWalker ransomware operators are estimated to have earned more than $25 million in ransom payments from their victims since March, security company McAfee said. Although there are no clear statistics, $25 million in profits brings NetWalker to the top ranks of the most successful ransomware gangs known today, alongside other well-known ransomware such as Ryuk, Dharma and REvil (Sodinokibi).

McAfee, which recently published a report on NetWalker's operations, was able to track payments made by victims to known Bitcoin addresses associated with the ransomware gang. However, security researchers believe the gang could have made even more from its illegal operations.


NetWalker, as a ransomware strain, first appeared in August 2019. In its original version, the ransomware went by the name Mailto, but it was renamed NetWalker in late 2019. The ransomware operates as a closed-access RaaS, a ransomware-as-a-service portal. Other hacker gangs sign up and go through a vetting process, which gives them access to an online portal where they can build custom versions of the ransomware. Distribution is left to these second-tier gangs, known as affiliates, and each group carries it out as it sees fit. Through this vetting process, NetWalker has recently started selecting affiliates who specialize in targeted attacks against the networks of high-value, high-profile entities, rather than those who specialize in mass distribution methods such as exploit kits or spam e-mail. This is because targeting larger companies with costly operations allows the gang to demand higher ransoms, as larger companies lose more profits when they are not operating, compared to smaller companies.

In particular, the creator of NetWalker seems to favor affiliates who are able to break in through attacks on network-facing systems: RDP servers, networking equipment, VPN servers, firewalls, etc. It is worth noting that the creator of NetWalker, who goes by the name Bugatti, was only interested in taking on Russian-speaking customers.


According to McAfee researchers, NetWalker has carried out attacks using exploits against Oracle WebLogic and Apache Tomcat servers, by breaking into networks via RDP endpoints with weak credentials, or by spear-phishing at major companies. However, according to an FBI alert released last week, NetWalker operators have also incorporated exploits for Pulse Secure VPN servers (CVE-2019-11510) and for web applications using the Telerik UI component (CVE-2019-18935) to diversify the "weapons" used in their attacks.

U.S. companies and government agencies have been warned to update their systems as NetWalker gang activity has increased, affecting even some government networks. So far, NetWalker ransomware's highest-profile victim is Michigan State University, which was breached at the end of May as part of a series of attacks in the US. However, McAfee pointed out that NetWalker also poses a risk to companies around the world, and not just to those in the US or Western Europe, which have also been targeted by NetWalker many times.


With more than $25 million in ransom payments received in recent months, NetWalker's popularity is expected to grow even more. One of the reasons why the NetWalker ransomware gang is so popular and has made over $25 million since March is its "leak portal", a site where the gang publishes the names and data of victims who refuse to pay a ransom.

The site operates on simple principles and is one of many ransomware leak sites. Once a NetWalker affiliate breaks into a network, it first steals the company's sensitive data and then encrypts the files. If the victim refuses to pay for the decryption of the files during the initial negotiations, the ransomware gang creates an entry on its leak site. The entry has a timer, and if the victim still refuses to pay, the gang leaks the files it stole from the victim's network.

The site has helped NetWalker put extra pressure on victims. Many fear that their intellectual property or sensitive data may be leaked to the Internet, while others fear that their name will be tarnished in the press, as the site and its most recent victims are often cited in news articles. Many companies will pay simply so that their name does not end up as negative news in the newspapers.

