Government operated Trinity Metro under attack by NetWalker

Over the past few years, various ransomware operators have been repeatedly targeting government agencies in an attempt to exploit the huge exposure of their IT infrastructure and get hold of the massive amount of data collected by these agencies. One such attack has been observed against the transportation services provider, Trinity Metro, based in Texas, US.

Trinity Metro under attack

NetWalker ransomware, which is believed to be an updated version of Kokoklock ransomware, was seen attacking Trinity Metro, a Texas-based transportation provider.
  • Recently, NetWalker Ransomware Group claimed to have targeted the bus and commuter rail transportation operating agency Trinity Metro.
  • More than 200 folders containing the information exfiltered from Trinity Metro networks were dumped by the attackers on the NetWalker’s dump website.
  • The attack impacted several departments of the agency, as indicated by the names of the folders, namely “Security”, “Accounting and HR Shared”, “Planning Documents”, and “Daily Operations Documents”.

Netwalker - a busy ransomware group

Netwalker operators have been actively targeting several organizations, mostly academic institutions, and healthcare organizations in the past some time.

An expected rise

In May, Netwalker ransomware operators were observed making a huge investment in sharpening their attacks, by recruiting new affiliates and developing an auto-publishing data leak site for further promoting their ransomware campaigns. So, an increase in its attacks was an expected outcome of those efforts.