Advanced Intelligence, LLC released a report on NetWalker Ransomware Group. From the background and summary of their report:
Throughout the COVID-19 crisis, there has been a drastic increase in the number of cyberattacks targeting the healthcare industry. The NetWalker ransomware syndicate is no exception to this trend. NetWalker responsible for such attacks as a high-profile ransom of the Australian transportation and logistics company Toll Group was first spotted in August of 2019. When it was discovered the group and the ransomware it used were originally referred by researchers as “MailTo.” However, it is the threat actor’s recent activity–not its origins–that has earned it recognition from the US Department of Homeland Security, the FBI, and the cyber community at large.
Within the past two months, NetWalker has become extremely active; the syndicate has revolutionized the way it conducts business by transitioning to a network intrusion-focused, Ransomware-as-a-Service (RaaS) model. This new business model allows NetWalker to collaborate with other seasoned cybercriminals who already have access to large networks and have the ability to disseminate ransomware.
NetWalker distributes ransomware via two main methods: 1) phishing schemes & spam emails; and 2) large-scale network infiltration. NetWalker now claims a singular preference for network infiltration, which is novel to the Russian-speaking ransomware community. As a result, the threat actor is requiring its new affiliates to have pre-existing access to large networks.
Read the report on Advanced Intelligence, LLC.