While the information security community around the world is discussing the elimination of Emotet, the law enforcement agencies of Bulgaria and the United States carried out another important operation: they disrupted the operation of the NetWalker infrastructure, one of the most active ransomwares of 2020.
According to the US Department of Justice, at least 305 victims from 27 countries, including 203 victims in the United States, suffered from NetWalker activity.
Infographics: Chainalysis
It is known that the server seized by the authorities hosted special pages, where NetWalker redirected victims of its attacks so that they could contact the attackers and negotiate the ransom payment. It also hosted hackers’ blog, where they published data stolen from companies if they refused to pay. Infographics: Chainalysis
Photo credfit: ZDNet
Apparently, he was one of the NetWalker clients, that is, he rented an encryptor from the developers and used it for its own intended purposes, since NetWalker operates on a ransomware-as-a-Service (RaaS) scheme.
Incidentally, last year McAfee analysts estimated the revenues of NetWalker operators at $25 million. Now, Chainalysis experts report that cybercriminals “earned” about $46 million in 2020, and NetWalker has become one of the five most profitable ransomwares of last year, along with Ryuk, Maze, Doppelpaymer and Sodinokibi.
The Chainalysis experts also believe that the aforementioned Canadian citizen was not only associated with the NetWalker authors, but also worked with other ransomware hack groups, including the Sodinokibi, Suncrypt and RagnarLocker developers.
Let me remind you that recently the cyber police of Ukraine exposed a transnational hacker group that were distributing Emotet, one of the most dangerous current malwares.
