Netwalker Ransomware

    Mimecast can help protect your organization from a Netwalker ransomware attack.

    Ransomware is not just a threat — it's a criminal enterprise

    Ransomware is not just a threat--it's a criminal enterprise. The more cybercriminals successfully extort organizations, the more profits cybercriminals rake in from their efforts. Enter Ransomware as a Service (RaaS), where threats like Netwalker ransomware are not launched by their developers, but by any cybercriminal who wants to purchase the malware and launch their own attack.

    In other words, cybercriminal groups are competing to see who can have access to prime targets and who can best exploit them using malicious programs like Netwalker.




    What is Netwalker ransomware?

    Netwalker ransomware (also known as Mailto ransomware) is a Microsoft Windows-specific malware that encrypts and exfiltrates files from the victim's computer. During a successful Netwalker ransomware attack, the victim's files will be inaccessible without a decryption key, and the cybercriminals may also publish the stolen files publicly as proof of a successful breach.

    This tactic is known as double extortion. The cybercriminals demand a ransom to decrypt the files and ask for an additional ransom not to publish the data on a more public website.


    How does Netwalker ransomware work?

    Netwalker is most often deployed in phishing emails. These are fraudulent emails disguised as legitimate emails and may even appear to be coming from government sources or within an organization. One famous example of a Netwalker ransomware email appears to come from the United States Center for Disease Control (CDC), with a hyperlink claiming to provide an up-to-date list of Covid-19 testing centers nearby. 

    The link actually contains malware, which is then sent to the user's temp folder where they likely won't notice it. Covertly, the malware activates, appearing to be a regular Windows program. By mimicking legitimate Microsoft processes, Windows itself does not detect anything unusual. Meanwhile, the malware encrypts and exfiltrates data.

    Once the victim's files are compromised, they will receive the ransomware message informing them that their files have been encrypted and they must pay ransom to regain access.


    Who does Netwalker ransomware target?

    Netwalker ransomware targets a variety of organizations, ranging from manufacturing companies and healthcare providers in the United States to Argentina's Immigration Agency and power utility companies in Pakistan.

    With the mass distribution of Netwalker ransomware, it's safe to say anyone, anywhere could be targeted.




    How to protect yourself from Netwalker ransomware

    Backup your data

    One of the most important measures to take against Netwalker ransomware is to have data backups that you can access in the event of a network breach. Having backups of your data means if your files are encrypted, you can still access copies of your files. Cloud-based storage can also be a convenient and secure way to store your backups so that they are difficult for cyber attackers to access.

    Security awareness training

    Phishing emails are getting better and better disguises, but there are still plenty of tell-tale signs for an imposter email. Security awareness training helps everyone understand how to avoid falling into ransomware traps and how to respond when they come across an email that looks suspicious.
    Learn more about how Mimecast's Security Awareness Training can help empower your team.

    Learn more about how Mimecast's Security Awareness Training can help empower your team.

    Don't pay the ransom

    Beware that cybercriminals do not always honor their own terms. When a cybercriminal group purchases a ransomware like Netwalker to launch their own campaign, they may not have purchased a decryptor key, which could restore access to encrypted files. It is also quite common for victims who pay ransom to be targeted and extorted again.

    Instead, do everything you can to prevent ransomware breaches in the first place, but in the event of a ransomware attack it's best to contact cyber security experts and your local authorities, who can potentially help you recover your data.


    Learn how Mimecast can protect your organization from a Netwalker attack

    Mimecast specializes in email security and risk compliance. With tools that can automatically isolate and detect ransomware like Netwalker, Mimecast makes it easy for organizations to operate and communicate securely without compromising efficiency.

    Learn more about how Mimecast can help protect your organization by getting a free custom quote.

    Back to Top