The FBI issued a warning July 28 about increasing Netwalker ransomware attacks, specifically targeting U.S. and foreign health agencies, private companies and governments.
In June, UCSF paid hackers $1.4 million after they infected the university's medical school computer systems with the Netwalker ransomware. The Champaign-Urbana (Ill.) Public Health District and Springfield, Pa.-based Crozer Keystone Health System have also fallen victim to Netwalker attacks this year.
Netwalker ransomware operators publish stolen data online if ransoms aren't paid. After successfully infiltrating the victim's network, Netwalker encrypts all connected Windows-based devices and data, locking users out of critical files, databases and applications, according to the FBI's warning. Once executed, the ransomware deploys an embedded configuration that includes a ransom note, ransom note file names and various other configuration options.
In March, cyber actors using Netwalker began releasing COVID-19 pandemic-related phishing emails and was able to spread through a visual basic scripting script attached to the email that once opened executes a payload. Netwalker then began gaining unauthorized access to victim networks in April by exploiting unpatched virtual private network appliances and weak passwords used for remote desktop connections.
The FBI does not recommend paying a ransom to cyber criminals and urges organizations that suffer attacks to report them to their local field offices. To help reduce the effects of a cyberattack, the agency recommends backing up critical data offline, ensuring copies of data are in the cloud or an external hard drive and regularly updating anti-virus or anti-malware software on all hosts.