Increasing Netwalker Ransomware Attacks Lead to FBI Flash Alert Warning

by Patrick Kennedy | Aug 1, 2020

The Federal Bureau of Investigation (FBI) has released a (TLP:WHITE) FLASH alert following a rise in attacks using Netwalker ransomware. Netwalker is a new threat on the ransomware scene, first spotted in March 2020 after attacks on a transportation and logistics company in Australia and the University of California, San Francisco.

UC San Francisco was put in a position where it had no option other than to pay a ransom of around $1.14 million for the keys to unlock encrypted files to recover important research data. One of the latest healthcare victims was the Maryland-based nursing home operator, Lorien Health Services.

The threat group has tried to leverage the COVID-19 pandemic to carry out attacks on government firms, private companies, educational institutions, healthcare providers, and entities involved in COVID-19 research.

The threat group at first used email as its attack vector, sending COVID-19 themed phishing emails with a malicious Visual Basic Scripting (.vbs) file attachment. In April, the group also started targeting unpatched vulnerabilities in Virtual Private Networking (VPN) appliances, such as the Pulse Secure VPN flaw (CVE-2019-11510), and in Telerik UI (CVE-2019-18935).

The threat group is also known for targeting insecure user interface components in web applications. Mimikatz is deployed to steal credentials, and the penetration testing tool PsExec is used to gain access to networks. Before files are encrypted with Netwalker ransomware, sensitive data is located and exfiltrated to cloud services. At first, data was exfiltrated via the MEGA website or by installing the MEGA client application directly on a victim’s workstation, and more recently through the file sharing service.

Earlier in 2020, the Netwalker operators began advertising on hacking forums, looking to bring on board a select group of affiliates that could supply access to the networks of large enterprises. It is not known how successful the group has been at recruiting affiliates, but attacks have been on the rise throughout June and July.

The FBI has issued guidance advising victims not to pay the ransom and to report any attacks to their local FBI field office. In the alert the FBI explained: “Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or may fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered. However, the FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers.”

A variety of techniques are being used to obtain access to networks, so there is no single mitigation that will stop attacks from being successful. The FBI recommends ensuring that all computers, devices, and applications are kept up to date and that patches are applied swiftly. Multi-factor authentication should be put in place to stop stolen credentials from being used to log on to systems, and strong passwords should be set to thwart brute force attempts to guess passwords. Anti-virus/anti-malware software should be installed on all hosts and kept updated, and regular scans should be carried out.

To make sure that recovery from an attack can take place without paying the ransom, organizations should back up all critical data and store those backups offline on a non-networked device or in the cloud. The backup should not be accessible from the system where the data is located. Ideally, more than one backup copy should be created, with each copy stored in a different place.


Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University.
