The Federal Bureau of Investigations (FBI) released a flash alert in which it warned organizations about the dangers of Netwalker ransomware.

On July 28, the FBI revealed in Flash Alert MI-000130-MW that it had received notifications of attacks involving Netwalker against U.S. and foreign government organizations along with entities operating in the healthcare and education sectors.

Back in March 2020, for instance, news emerged of a Netwalker ransomware attack that helped to bring down the website for a public health department in Illinois. It was several months later when an assisted living services provider in Maryland revealed a data security incident in which attackers had used the ransomware to encrypt some of its information.

In its alert, the FBI noted that those responsible for Netwalker had used COVID-19 phishing emails and unpatched vulnerabilities affecting VPN apps to gain entry into an organization. The malicious actors had then used their crypto-malware to harvest administrator credentials and steal data from their victims. Ultimately, the attackers uploaded that stolen information to a file-sharing service.

Once they had come into possession of a victim’s data, the nefarious individuals activated the ransomware’s encryption routine. This step led the threat to encrypt all connected Windows-based devices and information before dropping a ransom note on the infected machine.

Screenshot of a sample Netwalker ransom note. (Source: Bleeping Computer)

The FBI took a moment in its alert to urge organizations that had suffered a Netwalker infection to not pay the attackers. It also cited the importance of organizations reaching out to report a successful attack.

As quoted in its bulletin:

Regardless of whether you or your organization have decided to pay the ransom, the FBI urges you to report ransomware incidents to your local field office. Doing so provides investigators with the critical information they need (Read more...)