Netwalker Ransomware

Malware updated 4 months ago (2024-05-04T18:56:23.033Z)
NetWalker ransomware is a form of malicious software (malware) that targets vulnerable systems, often infiltrating them through suspicious downloads, emails, or websites. Notably, it has been observed targeting vulnerable Pulse Secure VPN devices for initial access, as indicated by IOCs released by the FBI. The malware is unique in that it is not compiled but written in PowerShell and executed directly in memory, without writing the actual ransomware binary to disk. This sophisticated approach allows it to stealthily disrupt operations and hold data hostage for ransom.

The NetWalker ransomware has been associated with significant cyberattacks, including an attack on the ThyssenKrupp Materials group of companies based in the U.S. and Canada on December 28, 2020. It also used the global COVID-19 pandemic as a vector for infection, sending out emails with an attachment named “CORONAVIRUS_COVID-19.vbs” that contained an executable file for the ransomware. Once opened, the obfuscated code within the file would extract and launch the ransomware on the victim’s computer, encrypting files and demanding a ransom payment.

In response to these widespread attacks, the Department of Justice launched a global action against NetWalker ransomware. In a coordinated effort with Bulgarian authorities, it disrupted the ransomware's operations, disabling its dark web resources and arresting a Canadian citizen believed to be associated with the operation. Additionally, approximately $500,000 in cryptocurrency, which victims had paid as ransom, was seized. These actions marked a significant step towards mitigating the threat posed by the NetWalker ransomware.
Description last updated: 2024-05-04T17:09:02.615Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.
ID: Netwalker
Votes: 5
Profile Description: NetWalker is a highly profitable ransomware kit, known for its ability to disable antivirus software on Windows 10 systems and encrypt files, adding a random extension to the encrypted ones. Once executed, it disrupts operations and can even hold data hostage for ransom. It has been observed that Ne
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Bitcoin
Source Document References
Information about the Netwalker Ransomware Malware was read from the documents corpus below.
Source (created): Title
CERT-EU (6 months ago): How to protect hospitals against the ransomware Netwalker
Securityaffairs (7 months ago): A cyber attack hit Thyssenkrupp Automotive Body Solutions BU
CERT-EU (8 months ago): Russia seizes Trump Dumps, Ferum, and SkyFraud carding forums | #datingscams | #russianliovescams | #lovescams | #datingscams | #love | #relationships | #scams | #pof | #match.com | #dating | National Cyber Security Consulting
CERT-EU (8 months ago): Infographic: A History of Network Device Threats and What Lies Ahead
CERT-EU (8 months ago): Infographic: A History of Network Device Threats and What Lies Ahead | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (10 months ago): Connect the Dots on State-Sponsored Cyber Incidents - Disruption of NetWalker ransomware
CERT-EU (a year ago): Connect the Dots on State-Sponsored Cyber Incidents - Disruption of NetWalker ransomware
CERT-EU (a year ago): 'Bulletproof' Web Site Hosting Ransomware Finally Seized, Founder Indicted | #ransomware | #cybercrime | National Cyber Security Consulting
InfoSecurity-magazine (a year ago): Authorities Take Down Lolek Bulletproof Hosting Provider
MITRE (2 years ago): Reflective Loading Runs Netwalker Fileless Ransomware
CERT-EU (2 years ago): NetWire Malware Site and Server Seized, Admin Arrested
MITRE (2 years ago): WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
CERT-EU (a year ago): Cyber Security Today, Week in Review for Friday, July 7, 2023 | IT World Canada News
Securityaffairs (a year ago): Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency
BankInfoSecurity (a year ago): 'Bulletproof' LolekHosted Down Following Police Operation
CERT-EU (a year ago): LolekHosted seized, five admins arrested following police operation
Securityaffairs (a year ago): Police dismantled bulletproof hosting service provider Lolek Hosted
Flashpoint (a year ago): Administrator of ‘Bulletproof’ Webhosting Domain Charged in Connection with Facilitation of NetWalker Ransomware
CERT-EU (a year ago): VPN vulnerability linked to ransomware attack on Law Society: PDPC
Naked Security (a year ago): Crimeware server used by NetWalker ransomware seized and shut down