NetWalker operators are again on an attack spree, now specifically targeting U.S.-based organizations. To ensure proper security, the FBI had issued a security alert dedicated to this ever-growing threat.

What happened?

Recently, the Netwalker ransomware group claimed to pilfer data from Forsee Power, a provider of advanced lithium-ion battery systems. Operators have also shared a few snapshots showing folders related to accounts receivable, finance, collection letters, expenses, and much more in support of their claim.

The warning

At the end of July, the FBI already warned against the increasing attacks by Netwalker ransomware (aka Mailto) operators, targeting the U.S. and foreign organizations.
  • Netwalker has been targeting several government organizations, education entities, private companies, and health agencies. After gaining access to networks, it uses malicious tools to collect admin credentials and steal sensitive information. It, subsequently, asks the victims to pay a ransom to decrypt data and avoid public exposure of stolen data.
  • The FBI also provided Indicators of Compromise (IoCs) associated with the ransomware and included a list of recommended mitigation measures in its alert.

An active ransomware threat

After targeting universities, financial organizations, and manufacturers back-to-back this year in June, Netwalker has already targeted many organizations across different sectors in July:

The transition of file sharing service

Earlier, Netwalker operators were uploading stolen data to the cloud storage and file sharing service, MEGA.NZ (MEGA) but in June 2020, they switched from MEGA to another file sharing service: website[.]dropmefiles[.]com to upload and release stolen data.

Mitigation measures

Within its recommendations, the FBI has advised users to use multi-factor authentication (MFA) with strong passwords, keep softwares up to date and a back-up of critical data offline, and consider using a trustable VPN service.
Cyware Publisher