Netwalker Ransomware

Malware updated 7 months ago (2024-05-04T18:56:23.033Z)
NetWalker ransomware is malicious software (malware) that targets vulnerable systems, often infiltrating them through suspicious downloads, emails, or websites. Notably, it has been observed targeting vulnerable Pulse Secure VPN devices for initial access, as indicated by IOCs released by the FBI. The malware is unique in that it is not compiled but written in PowerShell and executed directly in memory, without writing the actual ransomware binary to disk. This sophisticated approach allows it to stealthily disrupt operations and hold data hostage for ransom.

NetWalker has been associated with significant cyberattacks, including an attack on the ThyssenKrupp Materials group of companies based in the U.S. and Canada on December 28, 2020. It also used the global Covid-19 pandemic as a vector for infection, sending out emails with an attachment named “CORONAVIRUS_COVID-19.vbs” that contained an executable file for the ransomware. Once the attachment was opened, the obfuscated code within the file would extract and launch the ransomware on the victim’s computer, encrypting files and demanding a ransom payment.

In response to these widespread attacks, the Department of Justice launched a global action against NetWalker ransomware. In a coordinated effort with Bulgarian authorities, it disrupted the ransomware's operations, disabling its dark web resources and arresting a Canadian citizen believed to be associated with the operation. Additionally, approximately $500,000 in cryptocurrency, which had been delivered by victims as ransom payments, was seized. These actions marked a significant step towards mitigating the threat posed by the NetWalker ransomware.
Description last updated: 2024-05-04T17:09:02.615Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
Netwalker is a possible alias for Netwalker Ransomware. NetWalker is a highly profitable ransomware kit, known for its ability to disable antivirus software on Windows 10 systems and encrypt files, adding a random extension to the encrypted ones. Once executed, it disrupts operations and can even hold data hostage for ransom. It has been observed that Ne | 5
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Bitcoin
Source Document References
Information about the Netwalker Ransomware Malware was read from the documents corpus below.
Source | Created At
CERT-EU | 9 months ago
Securityaffairs | 9 months ago
CERT-EU | 10 months ago
CERT-EU | 10 months ago
CERT-EU | 10 months ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
InfoSecurity-magazine | a year ago
MITRE | 2 years ago
CERT-EU | 2 years ago
MITRE | 2 years ago
CERT-EU | a year ago
Securityaffairs | 2 years ago
BankInfoSecurity | a year ago
CERT-EU | a year ago
Securityaffairs | a year ago
Flashpoint | a year ago
CERT-EU | 2 years ago
Naked Security | a year ago