Netwalker ransomware earned $25 million in just five months

[tarekma7]

The Netwalker ransomware operation has generated a total of $25 million in ransom payments since March 1st according to a new report by McAfee.

Netwalker is a Ransomware-as-a-Service (RaaS) operation that began operating in late 2019, where affiliates are enlisted to distribute the ransomware and infect victims in return for a 60-70% cut of ransom payments.

Known as a human-operated, or enterprise-targeting, ransomware, Netwalker affiliates will hack into an organization's network and quietly gain control.



While gaining access to other workstations and servers, the threat actors will steal unencrypted files that are later used as leverage to get victims to pay.

Once they gain access to a network's Windows domain controller, they will deploy the ransomware to encrypt all of the devices on the network.

Building an advanced operation

When first starting, Netwalker infections were few and far between. Towards the end of April, something changed, and the operation pushed into high gear with a constant stream of new victims being reported on the ransomware identification site, ID Ransomware.

This increase in activity coincides with the Netwalker developers' recruitment drive on a Russian-speaking hacker forum where they stated they were looking for "experienced networkers with their own material."

SOURCE