Connect with us

Hi, what are you looking for?

HEADLINES

Netwalker ransomware tools give insight into threat actor

The Netwalker threat actor has struck a diverse set of targets based in the US, Australia, and Western Europe, and recent reports indicate the attackers have decided to concentrate their efforts targeting large organizations, rather than individuals.

Sophos discovered a collection of third-party programs used to quietly carry out attacks while investigating the Netwalker ransomware. This includes legitimate, publicly-available software (like TeamViewer), files cribbed from public code repositories (such as Github), and scripts (PowerShell) that were created by the attackers as well. 

The Netwalker threat actor has struck a diverse set of targets based in the US, Australia, and Western Europe, and recent reports indicate the attackers have decided to concentrate their efforts targeting large organizations, rather than individuals.

The tooling uncovered supports this hypothesis, as it includes programs intended to capture Domain Administrator credentials from an enterprise network, combined with orchestration tools that employ software distribution served from a Domain Controller, common in enterprise networks but rare among home users.

“Ransomware attacks nowadays are not single-shot events like WannaCry was in 2017. Cybercriminals now have well-established procedures and toolsets that they routinely use. The attacks are usually longer and multi-faceted, meaning attackers spend days or even weeks within targeted organizations, carefully mapping internal networks while gathering credentials and other useful information. In this process, they use legitimate third-party tools that may not be detected by the defenses. However, if defenders know and understand the processes and the tools that attackers are using, they can better prepare against these attacks and detect them in the early stages before the actual ransomware payload is delivered,” said Gabor Szappanos, senior director, Threat Research at SophosLabs. 

Advertisement. Scroll to continue reading.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

Smart has received reports about unscrupulous individuals pretending to be company executives or representatives of organizations asking for donations for made-up or nonexistent relief...

HEADLINES

Located in the Kaspersky office, the new facility will provide the company’s stakeholders with services ranging from an overview of Kaspersky’s practices, to a...

HEADLINES

Smart and Maya emphasize that they never send SMS with links requesting login credentials, personal information, or account verification. If you receive such a...

HEADLINES

In this new scheme, scammers call potential victims claiming that their phone number has been linked to illegal activities. The fraudsters would then extort...

White Papers

With an increase of 9% the industry is one of only three sectors with an increasing attack rate beside healthcare (+7%) and financial services...

HEADLINES

In August alone, PLDT and Smart’s Cyber Security Operations Group (CSOG) blocked access to more than 400,000 URLs that host child sexual abuse and...

White Papers

The survey reveals a crucial opportunity for mobile brands in the Philippines to stand out by prioritizing mobile app security and creating a better...

HEADLINES

Kaspersky’s solutions recorded Necro attacks targeting users in Russia, Brazil, Vietnam, Ecuador, and Mexico as part of this malicious campaign.

Advertisement