Netwalker ransomware raiders rake in the money

The Netwalker ransomware threat has ramped up during the past quarter, earning its criminal operators increasing amounts of extortion money, security vendor McAfee said in a report.

Netwalker was first spotted in August last year and new variants have been found after that, attacking victims around the world including in Australia.

In April 2020, Microsoft's Threat Intelligence Protection warned that Netwalker was used to attack healthcare and critical service providers with human operators ready to negotiate ransoms and to advise on how to decrypt files after victims have paid.

Netwalker, like other recent ransomware gangs, tries to exfiltrate sensitive victim data as well as encrypt it, and threatens to publish it to the web if a payment isn't made.

As the virus pandemic swept the globe, the Netwalker criminals said they would cease to attack hospitals and appear to now strike larger organisations instead.

However, other ransomware operators like Maze have hit healthcare targets in Australia as recently as this week.

McAfee researchers have so far found a total of 2795 Bitcoin being transferred to the Netwalker-related wallets that the security vendor has been tracking betweenm March 1 and July 27 this year.

This amounts to just under A$43.6 million at the current Bitcoin exchange rate that Netwalker operators have pulled in.

The security vendor said it does not have complete visibility of the flow of Bitcoin into Netwalker addresses before the ransomware criminals ramped up their operations earlier this year, but it is clear that they have been very successful in extorting money out of legitimate businesses.

As Netwalker is ransomware-as-a-service, the extortion money is split between operators and the malware developers who take a cut out of each transaction, McAfee said.

Who is behind Netwalker is not known.

McAfee's research and code analysis tried to find links between several ransomware variants developed by threat actor Eriknetwalker since 2016, and Netwalker, but there was little to connect them with each other.