Government operated Trinity Metro under attack by NetWalker
Over the past few years, various ransomware operators have been repeatedly targeting government agencies in an attempt to exploit the huge exposure of their IT infrastructure and get hold of the massive amount of data collected by these agencies. One such attack has been observed against the transportation services provider, Trinity Metro, based in Texas, US.
Trinity Metro under attack
NetWalker ransomware, which is believed to be an updated version of Kokoklock ransomware, was seen attacking Trinity Metro, a Texas-based transportation provider.
- Recently, NetWalker Ransomware Group claimed to have targeted the bus and commuter rail transportation operating agency Trinity Metro.
- More than 200 folders containing the information exfiltered from Trinity Metro networks were dumped by the attackers on the NetWalker’s dump website.
- The attack impacted several departments of the agency, as indicated by the names of the folders, namely “Security”, “Accounting and HR Shared”, “Planning Documents”, and “Daily Operations Documents”.
Netwalker - a busy ransomware group
Netwalker operators have been actively targeting several organizations, mostly academic institutions, and healthcare organizations in the past some time.
- Within the past few months, Netwalker operators had targeted the University of California San Francisco (UCFS), Crozer-Keystone Health System, Michigan State University, Columbia College of Chicago, and Champaign-Urbana Public Health District.
- Besides healthcare and education, Netwalker operators can be seen taking interest in large enterprises including government agencies (like the City Of Weiz), the energy sector (Northwest Territories Power Corporation), and transportation agencies (Toll group).
An expected rise
In May, Netwalker ransomware operators were observed making a huge investment in sharpening their attacks, by recruiting new affiliates and developing an auto-publishing data leak site for further promoting their ransomware campaigns. So, an increase in its attacks was an expected outcome of those efforts.