The cyber security company McAfee published a study showing the activities of NetWalker, a ransomware first known as Mailto that was initially discovered in August 2019.
According to the report, NetWalker operators have collected more than $25 million from ransom attacks since March 2020.
From March 1 to July 27, the group collected about 2,795 Bitcoins (BTC), allegedly making it one of the most profitable types of ransomware for cybercriminals.
According to the report, the Bitcoin transactions received by the group, in which the amount is divided among several different addresses, reflect that NetWalker is "ransomware as a service" malware.
This means that it has generated a huge amount of money through the sharing of affiliate revenue that it offers to other operators, says McAfee.
Reinforcing your capabilities
McAfee notes that NetWalker operators have switched from using legacy Bitcoin addresses to SegWit addresses because of their faster transaction times and lower costs, suggesting sophistication in their modus operandi after moving to a ransomware-as-a-service model.
On 20 March, messages appeared on at least two darknet forums in which NetWalker actors offered the ransomware under a revenue-sharing scheme to help spread the malware and make it as profitable as possible.
Speaking to Cointelegraph, Brett Callow, a threat analyst at the Emsisoft malware lab, said:
"NetWalker is a big hunter and responsible for numerous attacks on large public sector organizations as well as private sector companies. It is exceptionally difficult to estimate the amount of money that ransomware groups make, and as McAfee states, the figure of $25 million is almost certainly an underestimate. Globally, companies paid over $25 billion in ransomware claims in 2019."
The study adds that most of NetWalker’s targets were based in Western European countries and the United States. The group had previously announced that they would not target hospitals because of the COVID-19 pandemic, although there have been reports that they would do so.
The Crozer-Keystone Health System suffered a ransomware attack with NetWalker ransomware on June 19. The attackers began auctioning off data stolen from the system through their website on the darknet.