NetWalker operators are again on an attack spree, now specifically targeting U.S.-based organizations. To ensure proper security, the FBI had issued a security alert dedicated to this ever-growing threat.
Recently, the Netwalker ransomware group claimed to pilfer data from Forsee Power, a provider of advanced lithium-ion battery systems. Operators have also shared a few snapshots showing folders related to accounts receivable, finance, collection letters, expenses, and much more in support of their claim.
At the end of July, the FBI already warned against the increasing attacks by Netwalker ransomware (aka Mailto) operators, targeting the U.S. and foreign organizations.
- Netwalker has been targeting several government organizations, education entities, private companies, and health agencies. After gaining access to networks, it uses malicious tools to collect admin credentials and steal sensitive information. It, subsequently, asks the victims to pay a ransom to decrypt data and avoid public exposure of stolen data.
- The FBI also provided Indicators of Compromise (IoCs) associated with the ransomware and included a list of recommended mitigation measures in its alert.
An active ransomware threat
- Transportation: Trinity Metropolitan (USA)
- Manufacturing: Alfanar (Saudi Arabia)
- Education: Columbia College Chicago (USA)
- Healthcare: Lorien Health Services (USA)
The transition of file sharing service
Earlier, Netwalker operators were uploading stolen data to the cloud storage and file sharing service, MEGA.NZ (MEGA) but in June 2020, they switched from MEGA to another file sharing service: website[.]dropmefiles[.]com to upload and release stolen data.
Within its recommendations, the FBI has advised users to use multi-factor authentication (MFA) with strong passwords, keep softwares up to date and a back-up of critical data offline, and consider using a trustable VPN service.