NetWalker
Description
(BleepingComputer) With the high ransom prices and big payouts of enterprise-targeting ransomware, we now have another ransomware known as Mailto or Netwalker that is compromising enterprise networks and encrypting all of the Windows devices connected to it.
In August 2019 a new ransomware was spotted in ID Ransomware that was named Mailto based on the extension that was appended to encrypted files.
It was not until today, when the Australian Toll Group disclosed that their network was attacked by the Mailto ransomware, that we discovered that this ransomware is targeting the enterprise.
It should be noted that the ransomware has been commonly called the Mailto Ransomware due to the appended extension, but analysis of one of its decryptors indicates that it is named Netwalker.
Names
Name |
---|
NetWalker |
MailTo |
Koko Ransomware |
Category
Malware
Type
- Ransomware
- Big Game Hunting
Information
- https://www.bleepingcomputer.com/news/security/mailto-netwalker-ransomware-targets-enterprise-networks/
- https://www.carbonblack.com/blog/threat-analysis-unit-tau-threat-intelligence-notification-mailto-netwalker-ransomware/
- https://www.varonis.com/blog/netwalker-ransomware/
- https://www.cybereason.com/blog/cybereason-vs.-netwalker-ransomware
- https://www.tripwire.com/state-of-security/featured/netwalker-ransomware-what-need-know/
- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/take-a-netwalk-on-the-wild-side
- https://www.cynet.com/attack-techniques-hands-on/netwalker-ransomware-report/
- https://unit42.paloaltonetworks.com/ransomware-threat-assessments/2/
- https://news.sophos.com/en-us/2020/05/27/netwalker-ransomware-tools-give-insight-into-threat-actor/
- https://www.trendmicro.com/en_us/research/20/e/netwalker-fileless-ransomware-injected-via-reflective-loading.html
- https://resources.infosecinstitute.com/topic/netwalker-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/
Mitre Attack
Malpedia
Alienvault Otx
Other Information
Uuid
2780e90e-39b2-4609-938b-72c45e2a5e25
Last Card Change
2022-12-30