The Department of Justice (DoJ) has announced a coordinated law enforcement operation to disrupt Netwalker, an advanced form of ransomware.
Netwalker has targeted a range of victims including businesses, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities, the DoJ reports. Its operators have specifically targeted the healthcare sector during the COVID-19 pandemic.
Attackers who deploy Netwalker, which operates in a ransomware-as-a-service model, usually gain access to a target machine days or weeks before a ransom note is delivered, officials say. During this time, they escalate privileges and spread Netwalker across devices. Once they have infected enough computers, they send a ransom note.
So far, officials have charged Canadian national Sebastien Vachon-Desjardins in relation to the Netwalker attacks, which have reportedly earned operators tens of millions of dollars in revenue. They have also seized roughly $454,530 in cryptocurrency from ransom payments and disabled a Dark Web resource that attackers used to communicate with their victims.
This Dark Web resource, seized by authorities in Bulgaria, was used by Netwalker affiliates to send payment instructions and communicate with victims. Those who try to access the resource now will see a banner stating it has been seized by law enforcement.
Read the full DoJ release for more details.