McAfee studied NetWalker ransomware and offers a proactive solution against this threat
McAfee specialists studied the NetWalker ransomware, tracked the hackers’ bitcoin wallets and calculated how much they earn. It turned out that in terms of “profitability”, NetWalker can be compared with Ryuk or REvil: since March 2020, the ransomware has brought its operators about $25 million.
NetWalker was discovered in August 2019. Initially, the ransomware was named Mailto, but researchers later renamed it NetWalker. The malware works according to the RaaS (ransomware-as-a-service) model: attackers register on a special portal and complete the tests, after which they are able to create their own versions of the ransomware.
“The NetWalker authors prefer to partner with hack groups that are interested in targeted attacks against large companies, rather than the mass user. This approach allows ransomware to ask for larger ransoms, since large companies lose large sums of money during the forced downtime and sometimes it really is more profitable for them to pay,” say McAfee researchers.
McAfee experts write that NetWalker attacks often occur through vulnerabilities in Oracle WebLogic and Apache Tomcat, poorly protected RDP endpoints, and phishing attacks on employees of the target company. The FBI also recently warned that NetWalker operators have begun using exploits for vulnerabilities in Pulse Secure VPN (CVE-2019-11510) and in web applications that use Telerik UI (CVE-2019-18935).
American law enforcement and McAfee information security experts note that the group’s activity has increased significantly in recent months. For example, the best-known NetWalker victim to date is Michigan State University, which was infected by the ransomware at the end of May this year. At the same time, according to McAfee, NetWalker poses a threat not only to American companies, but also to companies in Western Europe.
Experts attribute the success of NetWalker to the fact that the ransomware authors have their own website, where they publish data stolen from companies that refuse to pay. This helps the criminals put additional pressure on victims, as many of them fear that their intellectual property or sensitive user data will end up in the public domain.
McAfee experts suggest protecting against threats like NetWalker using MVISION Insights. According to them, it is the only proactive endpoint security solution that simultaneously prioritizes and predicts threats. You can check the capabilities of McAfee MVISION Insights in the software preview, where you can select from the available threat information.