Netwalker Ransomware

Malware Profile Updated 2 months ago
NetWalker ransomware is a form of malicious software (malware) that targets vulnerable systems, often infiltrating them through suspicious downloads, emails, or websites. Notably, it has been observed targeting vulnerable Pulse Secure VPN devices for initial access, as indicated by IOCs released by the FBI. The malware is unusual in that it is not deployed as a compiled executable: it is written in PowerShell and executed directly in memory, without the actual ransomware binary ever being written to disk. This fileless approach lets it stealthily disrupt operations and hold data hostage for ransom. NetWalker has been associated with significant cyberattacks, including an attack on the ThyssenKrupp Materials group of companies based in the U.S. and Canada on December 28, 2020. It also used the global Covid-19 pandemic as an infection lure, sending out emails with an attachment named “CORONAVIRUS_COVID-19.vbs” that contained an executable file for the ransomware. Once opened, the obfuscated code within the file would extract and launch the ransomware on the victim’s computer, encrypting files and demanding a ransom payment. In response to these widespread attacks, the Department of Justice launched a global action against NetWalker ransomware. In a coordinated effort with Bulgarian authorities, they disrupted the ransomware's operations, disabling its dark web resources and arresting a Canadian citizen believed to be associated with the operation. Additionally, approximately $500,000 in cryptocurrency, delivered by victims as ransom payments, was seized. These actions marked a significant step towards mitigating the threat posed by NetWalker.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.
ID | Votes | Profile Description
Netwalker | 5 | NetWalker is a highly profitable ransomware kit, known for its ability to disable antivirus software on Windows 10 systems and encrypt files, adding a random extension to the encrypted ones. Once executed, it disrupts operations and can even hold data hostage for ransom. It has been observed that Ne
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Bitcoin
Vpn
Phishing
Vulnerability
Malware
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Netwalker Ransomware malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 4 months ago | How to protect hospitals against the ransomware Netwalker
Securityaffairs | 5 months ago | A cyber attack hit Thyssenkrupp Automotive Body Solutions BU
CERT-EU | 6 months ago | Russia seizes Trump Dumps, Ferum, and SkyFraud carding forums | #datingscams | #russianliovescams | #lovescams | #datingscams | #love | #relationships | #scams | #pof | #match.com | #dating | National Cyber Security Consulting
CERT-EU | 6 months ago | Infographic: A History of Network Device Threats and What Lies Ahead
CERT-EU | 6 months ago | Infographic: A History of Network Device Threats and What Lies Ahead | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU | 8 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Disruption of NetWalker ransomware
CERT-EU | 9 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Disruption of NetWalker ransomware
CERT-EU | 10 months ago | 'Bulletproof' Web Site Hosting Ransomware Finally Seized, Founder Indicted | #ransomware | #cybercrime | National Cyber Security Consulting
InfoSecurity-magazine | a year ago | Authorities Take Down Lolek Bulletproof Hosting Provider
MITRE | a year ago | Reflective Loading Runs Netwalker Fileless Ransomware
CERT-EU | a year ago | NetWire Malware Site and Server Seized, Admin Arrested
MITRE | a year ago | WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
CERT-EU | a year ago | Cyber Security Today, Week in Review for Friday, July 7, 2023 | IT World Canada News
Securityaffairs | a year ago | Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency
BankInfoSecurity | a year ago | 'Bulletproof' LolekHosted Down Following Police Operation
CERT-EU | a year ago | LolekHosted seized, five admins arrested following police operation
Securityaffairs | a year ago | Police dismantled bulletproof hosting service provider Lolek Hosted
Flashpoint | a year ago | Administrator of ‘Bulletproof’ Webhosting Domain Charged in Connection with Facilitation of NetWalker Ransomware
CERT-EU | a year ago | VPN vulnerability linked to ransomware attack on Law Society: PDPC
Naked Security | a year ago | Crimeware server used by NetWalker ransomware seized and shut down