What is NetWalker?

NetWalker (also known as Mailto) is the name given to a sophisticated family of Windows ransomware that has targeted corporate computer networks, encrypting the files it finds, and demanding that a cryptocurrency payment is made for the safe recovery of the encrypted data.

Ransomware is nothing new. Why should I particularly care about NetWalker?

NetWalker, like the Maze ransomware and a small number of other ransomware families, aggressively threatens to publish victims’ data on the internet if ransoms are not paid.

So it’s not just a case of reaching for your backup?

Well, that’s a good start. If your backup is up-to-date and it hasn’t been compromised by the attack then at least you can get your data back, and have some chance of getting your systems operational again. Of course, you’ll want to ensure that your systems are properly secured and that hackers haven’t maintained access to your systems, as it’s possible you will fall victim again.

But there remains the problem of the exfiltrated data. If that’s released by the NetWalker gang then there are clear dangers – not only to your business, but also to your partners and customers. Rebuilding trust and your corporate reputation is not likely to be easy or inexpensive.

This is worse than a regular ransomware attack.

Nasty. How do they infect your computer system in the first place?

The NetWalker gang has not been shy of exploiting the COVID-19 pandemic to infect computer systems, playing on the general population's interest in information about it as well as targeting individuals and entities working in the health industry.

Poisoned emails sent by the group disguise themselves to appear related to the Coronavirus crisis, but when recipients click on the attached Word or Excel file their computers are compromised.

In addition the ransomware ...