May 09, 2025
FBI: Warns of Netwalker ransomware targeting organizations

SecNews
Articles
17 August 2020


The FBI has issued a security warning about Netwalker ransomware operators targeting organizations in the USA and in other countries, advising ransomware victims not to pay the ransom and to report incidents to the FBI. The FBI warning also contains indicators of compromise associated with the Netwalker ransomware, which is also known as "Mailto". In addition, the FBI released a list of measures it recommends that organizations take to mitigate these attacks.

According to the FBI, ransomware operators began targeting U.S. and other organizations in June 2020 after successfully encrypting systems in the network of UCSF Medical School and the Australian transport and logistics company "Toll Group". Toll Group was "hit" again by Nefilim ransomware, as well as Lorien Health Services, earlier this month.

In addition, the FBI notes that Netwalker ransomware operators have taken advantage of the COVID-19 pandemic in their attacks, managing to compromise a large number of unsuspecting victims in March through phishing emails carrying a Visual Basic Scripting (VBS) loader.

Starting in April 2020, Netwalker ransomware operators began exploiting vulnerable VPN devices, user interface components in web applications, or weak RDP connection passwords to gain access to their target networks. Two of the most common vulnerabilities exploited by Netwalker operators affect the Pulse Secure VPN (CVE-2019-11510) and the Telerik UI (CVE-2019-18935).

The Netwalker ransomware team also recently posted an advertisement stating that it was looking for new partners who could offer it access to large corporate networks.


What mitigation measures is the FBI proposing?

  • Organizations can significantly reduce their chances of falling victim to Netwalker ransomware by using multi-factor authentication (MFA) with strong passwords and keeping all devices and software on their networks up to date.
  • The FBI also recommends using anti-virus or anti-malware software on all network computers, while organizations should use only secure networks and avoid public Wi-Fi networks. In addition, they should consider installing and using a VPN.
  • A very important measure proposed by the FBI is keeping backups either on external storage devices or in the cloud, so that it is more difficult or even impossible for would-be intruders to access and encrypt them.


Once Netwalker ransomware operators have successfully penetrated the network of a compromised target, they use various malicious tools to collect admin credentials, steal sensitive information that they can later use to pressure the target into paying the ransom, and encrypt the data on all Windows devices on the network.

The Netwalker ransomware team has uploaded stolen data to the cloud storage and file sharing service MEGA.NZ (MEGA), either through the MEGA website or by installing the MEGA client application directly on the victim's computer. In addition, in June, the team went from uploading and releasing stolen data on MEGA to uploading the stolen data to another file sharing service: website.dropmefiles.com.
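A defender can hunt for this exfiltration pattern in web proxy logs. The following is an added example, not part of the original article or the FBI warning: it sums upload traffic per internal host to the two file sharing services named above. The log format, the sample lines, the IP addresses, the `files.mega.nz` hostname and the 50 MB threshold are all constructed assumptions.

```python
from collections import defaultdict

# File sharing domains named in the article; their subdomains are matched too.
WATCHED_DOMAINS = ("mega.nz", "dropmefiles.com")
UPLOAD_METHODS = {"POST", "PUT"}

# Constructed sample proxy log (assumed format):
# timestamp src_ip method host bytes_sent
SAMPLE_LOG = """\
2020-08-17T09:00:01Z 10.0.4.21 GET www.example.org 512
2020-08-17T09:02:10Z 10.0.4.21 POST files.mega.nz 48000000
2020-08-17T09:02:45Z 10.0.4.21 POST files.mega.nz 52000000
2020-08-17T09:05:00Z 10.0.7.9 POST website.dropmefiles.com 250000000
2020-08-17T09:06:00Z 10.0.7.30 POST notmega.nz 90000000
2020-08-17T09:07:00Z 10.0.7.31 POST mega.nz.example.net 90000000
2020-08-17T09:08:00Z 10.0.9.2 GET MEGA.NZ. 900
this line is malformed
"""

def watched_domain(host):
    """Return the watched domain a host belongs to, or None."""
    host = host.lower().rstrip(".")  # normalise case and trailing root dot
    for domain in WATCHED_DOMAINS:
        # Exact match or a true subdomain; the dot boundary stops
        # look-alikes such as notmega.nz or mega.nz.example.net.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def find_uploads(log_text, min_bytes=50_000_000):
    """Sum upload bytes per (source, watched domain); keep totals >= min_bytes."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # skip malformed lines instead of failing the hunt
        _ts, src, method, host, sent = fields
        domain = watched_domain(host)
        if domain and method.upper() in UPLOAD_METHODS:
            totals[(src, domain)] += int(sent)
    return {key: total for key, total in totals.items() if total >= min_bytes}

if __name__ == "__main__":
    for (src, domain), sent in sorted(find_uploads(SAMPLE_LOG).items()):
        print(f"{src} uploaded {sent} bytes to {domain}")
```

Summing per source matters because a transfer is usually split across many requests, none of which crosses the threshold on its own.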

The FBI advises victims not to pay the ransom after such attacks, as payment does not guarantee the successful recovery of encrypted devices. However, the FBI understands that when agencies face operational weaknesses, executives will evaluate all options to protect their employees and customers.

 

Source: en.secnews.gr

 

Tags: Data Leaks - Hackers
The 'ID-on't renounce my freedom' website contains articles and news related to the growing threat to our personal freedom and privacy.
