Although ransomware has been around for the last two decades, the threat is as serious as it was back then. In fact, the intensity and sophistication of these attacks have grown sharply with time. While ransomware attacks have particularly targeted state and local governments, the health care sector, private companies, and the transportation sector have also been on the radar of hackers.

What Is Netwalker Ransomware?

Netwalker is a strain of ransomware that is thought to be an updated version of Mailto. Mailto is the name assigned to a family of Windows ransomware that has attacked business computer networks, encrypting the files it finds and demanding a cryptocurrency payment for the secure recovery of the encrypted data. Mailto was discovered by independent cybersecurity researcher and Twitter user GrujaRS.

This malicious affiliate business model is nothing new; it has been used most notably by the actors behind the GandCrab ransomware and its updated version, Sodinokibi. Affiliates are offered a cut of up to 84% of the proceeds if the preceding week’s earnings surpass $300,000. If the earnings are under this amount, they can still gain around 75% of the total value, while the rest goes to the group behind Netwalker. Through this technique, those involved earned $25 million in just five months, starting March 1st.

Nevertheless, joining in comes with its own set of rules. Affiliates are forbidden from attacking organizations located in Russia and the Commonwealth of Independent States. It is also specified that affiliates must always return the files of victims who paid the ransom. However, this is never a guarantee when it comes to ransomware attackers.

How Does Netwalker Ransomware Operate?

When Netwalker began to gain popularity in March 2020, its MO was fairly standard. Affiliates circulated the malware through spam emails that enticed victims into clicking on phishing links and infecting the computers in their network. Their focus on volume meant that anyone was at risk of becoming a target. This type of ransomware attack belongs to a newer class of malware, namely one that spreads through VBScripts. What makes this method dangerous is that, if successful, it reaches all the machines linked to the same Windows network as the original infection point.

How to Secure Your Organization Against Netwalker Ransomware

In the event that Netwalker or any other similar threat infects important data, organizations try to rid themselves of it by paying the ransom. Nevertheless, that’s the last thing an organization should do, because you can never be sure that the hackers will give you back access to your data.

Here’s how you can protect your organization against Netwalker ransomware.

1. Formulate an Effective Data Backup Strategy

Actors who spread ransomware base their whole business around holding important data hostage. Having a restorable copy of your files takes the power away from the hackers and puts it back into your hands. It is therefore important to have an offline backup on an external hard drive or another type of storage device, as well as one in the cloud.

Nevertheless, for this approach to be really effective against Netwalker attacks, you need to understand what type of data your company needs to back up in the first place. First, find the folders that are key to the smooth running of your operation. Then, ensure that they have priority in the cloud and offline storage procedure.

2. Regularly Change the Passwords on All Access Points

One way in which Netwalker sneaks into the systems of large companies is through brute-force and Remote Desktop Protocol (RDP) attacks. With the help of bots, the actors behind these malicious hacks try a number of passwords until they hit the right one. Therefore, weak passwords cannot defend access points.

The best way to remedy this in your organization for good might appear too simple to be true. Nevertheless, it all boils down to changing and strengthening passwords often, as well as using two-factor authentication. It’s a foolproof method to prevent ransomware affiliates from controlling computers in your network remotely through RDP.
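The password-guessing bots described above leave a recognizable trail in the Windows Security log: bursts of event 4625 (failed logon) with logon type 10 (RemoteInteractive) or 3 (network, as seen when RDP uses Network Level Authentication) from one source address. The following detector is an added example, not part of the original article; the CSV column names, thresholds and sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: Security-log events 4625 (failed logon) and 4624
# (successful logon) exported to CSV. Column names are assumed.
SAMPLE_CSV = """time,event_id,logon_type,source_ip,account
2020-06-01T02:00:01,4625,10,203.0.113.7,administrator
2020-06-01T02:00:03,4625,10,203.0.113.7,admin
2020-06-01T02:00:05,4625,3,203.0.113.7,backup
2020-06-01T02:00:08,4625,10,203.0.113.7,administrator
2020-06-01T02:00:11,4625,10,203.0.113.7,svc_sql
2020-06-01T02:00:15,4624,10,203.0.113.7,svc_sql
2020-06-01T09:12:00,4625,10,198.51.100.20,jsmith
2020-06-01T09:12:40,4624,10,198.51.100.20,jsmith
2020-06-01T09:30:00,4625,2,-,jsmith
"""

REMOTE_LOGON_TYPES = {"3", "10"}  # 3 = network (RDP with NLA), 10 = RemoteInteractive

def load_events(text):
    """Parse the exported CSV into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def detect_rdp_bruteforce(rows, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: finding}. An IP is marked 'bruteforce' once it reaches
    `threshold` failed remote logons inside `window`, and upgraded to
    'bruteforce-then-success' if it later logs on successfully."""
    failures = defaultdict(deque)  # source_ip -> timestamps of recent failures
    findings = {}
    for row in sorted(rows, key=lambda r: r["time"]):
        if row["logon_type"] not in REMOTE_LOGON_TYPES:
            continue  # ignore console, service and other local logons
        ip, ts = row["source_ip"], datetime.fromisoformat(row["time"])
        if row["event_id"] == "4625":
            recent = failures[ip]
            recent.append(ts)
            while ts - recent[0] > window:  # drop failures older than the window
                recent.popleft()
            if len(recent) >= threshold:
                findings[ip] = "bruteforce"
        elif row["event_id"] == "4624" and findings.get(ip) == "bruteforce":
            findings[ip] = "bruteforce-then-success"  # a guess likely worked
    return findings

if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(load_events(SAMPLE_CSV)).items():
        print(ip, finding)
```

A 'bruteforce-then-success' finding is the one to escalate first: it means the account that logged on needs an immediate password reset and session review.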

3. Use a Next-Generation Antivirus for Improved Safety

As stated earlier, threat actors are becoming extremely crafty in their attacks, and Netwalker is a testament to that. Therefore, you should first ensure that your antivirus is up to date. However, that by itself might not cut it nowadays. Hence, you should consider arming your business with a next-generation antivirus.

4. Frequently Apply Available Software Fixes

Installing software fixes once they are released by their respective developers is important for your network’s stability. Without them, threat actors can easily abuse unpatched system weaknesses and penetrate your machine to deploy Netwalker. To deploy patches automatically and streamline your company’s cybersecurity process even further, it’s recommended that you apply software patches frequently.

5. Find a Netwalker Ransomware Decryptor

When confronted by a Netwalker attack, the most effective approach to adopt is to try a ransomware decryptor. As of now, no Netwalker decryption tool has been published, but keep looking for a top-notch Netwalker ransomware decryptor either on the market or on the internet. In the meantime, however, the safest course is to prevent your systems from coming under such attacks.

It was only a matter of time before threat actors began to make a profit with threats related to COVID-19, and Netwalker appears to be their most prominent venture in this direction. While a number of large organizations have already become its victims, this doesn’t need to happen to you now, since information about this threat is on hand. As always, being proactive is the best course of action when it comes to ransomware attacks. Waiting for a decryptor might be alluring, as it is the easiest way out, but in the interim, it is your responsibility to secure your business and its assets from Netwalker, as well as other types of cybersecurity problems.
