Netwalker Ransomware is being dispersed using phishing hoaxes

COVID-19 pandemic is not just for humans, but also for the computers and mobile devices. While the coronavirus is showing no symptoms of slowing down, attackers are continuing to unfurl more phishing scams and malware. Researchers from MalwareHunterTeam have identified a new phishing campaign that is distributing an attachment which installs Netwalker ransomware in the devices.

This Netwalker ransomware has already been known as Malito, but has recently been used to target government agencies and private enterprises. Netwalker has recently hit the Toll Group and the Champaign Urbana Public Health District in Illinois. 

How does Netwalker ransomware work?

Once the attackers deploy the phishing campaign, anybody who open the mail and downloads the attachment CORONAVIRUS_COVID-19.vbs, will own a exe file for Netwalker, then start executing the codes to extract the code and install it on the users device. Post installation an executable will stored in the temp and the program starts running to encrypt files within the device. After encryption the exe will rename the encrypted files with any random extension.

After completing the encryption the ransomware, sends a note via Readme.txt file briefing the procedure to pay the ransom. This time attackers have used the Tor’s payment site to receive the ransom.

What is threatening about the Netwalker?

Unlike other ransomware this one does not support simple decryption procedure. Users should have had a backup to restore the files, or work on those files again. Paying the ransom could release those encrypted files, but that is totally unethical to do. Furthermore, paying ransoms will motivate the attackers to deploy more such campaigns in future. So enterprises are advised not to pay the ransom.

Rising coronavirus attacks

In the span of two months, 1000 coronavirus targeted domains were created, DDOS attacks, phishing campaigns are expanding, ransomware targeting computers and mobile devices have also increased. The CISA and WHO have already mentioned to stay alert on coronavirus targeted phishing campaigns, enterprises are advised to ensure their remote workers are aware of these threats and do not become a victim of such baits.

Only efficient cybersecurity strategies and awareness will help businesses stay immune against these cyberattacks. We at ‘The Cybersecurity Times’, have defined some tips to improve the cybersecurity while working from home. 

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit.