NetWalker (aka Mailto) ransomware, developed and operated by a cybercrime group known as Circus Spider, has been active since mid-2019. Over the past few months, its operators have been actively targeting victims, mostly in corporate networks.
Actor's top targets
Lately, the NetWalker operators have targeted several enterprises running Windows systems.
The group's activity increased during the coronavirus pandemic and was directed at the healthcare sector.
The cybercrime group behind this ransomware is identified as Circus Spider, a financially motivated threat group. At the end of May, the ransomware group was reportedly inviting other criminals to become partners in spreading the ransomware. They were giving preference to those who had cybercrime experience and access to corporate networks.
NetWalker ransomware uses a double attack strategy: it first encrypts the victim's data and then blackmails the victim by threatening to leak that data publicly. Experts suggest the most efficient way to avoid this threat is to stop the ransomware at the initial stage with adequate security measures, such as using secure email gateways, endpoint protection, and providing training to employees.