The cyber security company McAfee released a study showing the activity of NetWalker, a ransomware first known as Mailto which was originally discovered in August 2019.
According to the report, NetWalker operators have collected over $25 million from ransom attacks since March 2020.
From March 1 to July 27, the group collected around 2,795 Bitcoin (BTC). This is said to make it one of the most profitable types of ransomware for cybercriminals.
According to the report, the bitcoin transactions received by the group, in which the amount is split across several different addresses, indicate that NetWalker is a “ransomware as a service” malware.
Such a maneuver implies that it generated a huge amount of money thanks to the affiliate revenue sharing it offers other operators, says McAfee.
McAfee says that NetWalker operators have switched from older Bitcoin addresses to SegWit addresses due to their faster transaction times and lower cost, suggesting a refinement in how it operates after becoming a ransomware-as-a-service model.
On March 20, posts from the NetWalker actors offering the ransomware were published in at least two darknet forums, with a revenue sharing program to spread the malware and make it as profitable as possible.
Brett Callow, a threat analyst at Emsisoft Malware Lab, told Cointelegraph:
“NetWalker is a great hunter, responsible for numerous attacks on large public sector organizations as well as private sector companies. It’s extremely difficult to calculate the amount of money ransomware groups make, and as McAfee claims, the $25 million figure is almost certainly an understatement. Companies worldwide paid more than $25 billion for ransomware lawsuits in 2019.”
The study adds that most of NetWalker’s targets were located in Western European countries and the United States. The group had previously announced that it would not attack hospitals because of the COVID-19 pandemic, despite reports to the contrary.
The Crozer-Keystone Health System suffered a ransomware attack using NetWalker Ransomware on June 19. The attackers began auctioning the stolen data from the system through their website on the Darknet.