“Ransomware is not just a cyber attack but can be termed as a Cyber Weapon of mass destruction to sabotage the IT and ICT infrastructure of a Country”
A recent news article highlighted the devastation caused by the lesser-known ransomware Netwalker and enumerated measures to deter it.
The Netwalker ransomware was first noticed on the web only as recently as August/September 2019, yet it has already crippled schools, hospitals and governments across the globe and has earned its operators over $25 million in ransom payments. NetWalker has been used against a number of targets in Western Europe and the US, and the gang is reported to favour larger organisations.
In June 2020, the University of California San Francisco (UCSF) was attacked with NetWalker and was forced to negotiate a ransom over the dark web, thought to be $1,140,895. This followed a similar attack on the University of Michigan.
In June/August 2019, Argentina’s immigration offices were attacked, disrupting their customer services.
On 04 September 2020, Cygilant, a threat detection cybersecurity company, confirmed a ransomware attack on its systems. NetWalker is run as a ransomware-as-a-service operation, which lets other threat groups rent access to its infrastructure to launch their own attacks. The source of the attack could not be identified; however, the dark web site associated with the NetWalker group posted screenshots of internal network files and directories believed to belong to Cygilant. Cygilant has not confirmed making any payment to the attackers.
On 11 September 2020, Equinix, a Redwood City, California based company and one of the largest data centre providers in the US, fell victim to Netwalker ransomware. Equinix said that the security incident resulted in ransomware getting into some of its internal systems and that the attack impacted the delivery of services.
On 12 September 2020, reports confirmed that K-Electric, Pakistan’s largest power supplier, had been hit by Netwalker ransomware, disrupting multiple online services, including customer billing. The Netwalker operators gave the company a seven-day deadline to pay a ransom of $3.85 million in Bitcoin and threatened to double the amount if the demand was not met.
What Is Netwalker Ransomware?
Netwalker is a strain of ransomware believed to have been designed in late August 2019. Initially thought to be a threat of the Mailto family, it has since been established to be an updated version of Mailto. Mailto was discovered by independent cybersecurity researcher and Twitter user GrujaRS.
Data gathered so far indicates that Netwalker was created by a Russian-speaking group of hackers operating under the Circus Spider moniker. It is a typical ransomware, conceptualised as a ransomware-as-a-service. The group also mandates that its affiliates always return the files of victims who pay the ransom; nonetheless, this is never a guarantee when dealing with ransomware operators.
How Does Netwalker Ransomware Operate?
The Netwalker affiliates group distributes the malware through spam emails; a victim who clicks a phishing link infects their own computer and, from there, the enterprise network. Mass proliferation is used so that the probability of enticing victims is high.
This type of ransomware attack belongs to a newer class of malware, namely that which spreads through VBScripts. What is nefarious about this technique is that, if successful, it reaches all the machines connected to the same Windows network as the original point of infection.
It has also been reported that Circus Spider, the group behind the malware, has resorted to recruiting experienced network intruders to single out big targets such as private businesses, hospitals or governmental agencies, rather than individual home users. Beyond that, the modus operandi follows the typical ransomware pattern: terminating the processes and services running on the OS, encrypting the files on the victims’ disks, and deleting the backups stored on the network.
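As an added example (not from the article, nor from any vendor product), the following Python sketch turns the behaviours just described, a script host spawned from a mail client, a burst of file rewrites by a single process, and deletion of local backups, into detection rules run over constructed endpoint telemetry; the event format, process names, backup-deletion commands and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
import re

# Assumed names and thresholds (constructed for this example)
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
BACKUP_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wbadmin(\.exe)?\s+delete\s+catalog", re.I)
BURST_COUNT, BURST_WINDOW = 20, 60   # file writes by one process per 60 s

def detect(events):
    """Return (rule, detail) findings for a time-ordered list of event dicts.

    Event keys: ts (seconds), host, type ('process'|'file'), image, and for
    process events also parent and cmdline. This format is an assumption.
    """
    findings = []
    bursts = defaultdict(deque)                      # (host, image) -> timestamps
    for ev in events:
        host, image = ev["host"], ev["image"].lower()
        if ev["type"] == "process":
            parent = ev["parent"].lower()
            # 1. script host launched by a mail client (VBScript attachment)
            if image in SCRIPT_HOSTS and parent in MAIL_CLIENTS:
                findings.append(("script_from_mail_client", f"{host}: {parent} -> {image}"))
            # 2. command that destroys local backups / shadow copies
            if BACKUP_DELETE.search(ev["cmdline"]):
                findings.append(("backup_deletion", f"{host}: {ev['cmdline']}"))
        elif ev["type"] == "file":
            # 3. one process rewriting many files in a short window (encryption burst)
            q = bursts[(host, image)]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > BURST_WINDOW:
                q.popleft()
            if len(q) == BURST_COUNT:                # fire once per burst
                findings.append(("mass_file_rewrite",
                                 f"{host}: {image} wrote {BURST_COUNT} files in {BURST_WINDOW}s"))
    return findings

# Constructed sample telemetry: the mail client spawns a script host, the script
# rewrites 25 files in 25 s, then a shadow-copy deletion command is issued.
SAMPLE = (
    [{"ts": 0, "host": "ws1", "type": "process", "image": "wscript.exe",
      "parent": "OUTLOOK.EXE", "cmdline": r"wscript.exe C:\Users\a\AppData\Local\Temp\invoice.vbs"}]
    + [{"ts": 10 + i, "host": "ws1", "type": "file", "image": "wscript.exe"} for i in range(25)]
    + [{"ts": 40, "host": "ws1", "type": "process", "image": "cmd.exe", "parent": "wscript.exe",
        "cmdline": "cmd.exe /c vssadmin delete shadows /all /quiet"}]
)

if __name__ == "__main__":
    for rule, detail in detect(SAMPLE):
        print(rule, "-", detail)
```

Each rule on its own is noisy in a real environment; the value is in correlating them per host within a short time span, as the sample shows.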
What actions should you take to protect yourself and the organisation that you work at?
In a ransomware attack, it is not certain that you will be able to restore systems to their former state, even if you were to pay the demanded ransom. Also, the loss of sensitive data to the attacker remains a threat to individuals and organisations well beyond the attack itself. Here are a few suggestions to keep ransomware at bay:
- Use only devices that can still be updated; do not use obsolete equipment or gadgets.
- Always use software that the OEM is able to support.
- Update the operating system at the earliest opportunity.
- Always update all the applications installed on the device.
- Ensure the physical protection of equipment.
- Use a good antivirus solution.
- Activate the firewall.
- Secure the network.
- Use patch management solutions.
- Use a secure mail solution.
- Apply all filters on perimeter devices and equipment.
- Have an effective backup system, and isolate it from the main system.
- Enforce access control and change passwords frequently.
- Carry out routine audits of systems and reviews of policies and processes.