NetWalker has been one of the most profitable ransomware operations of 2020, earning millions. A study by the cybersecurity firm McAfee details NetWalker's activities, including ransom payments amounting to $25 million collected since March of 2020.
The group is said to have collected around 2,795 BTC (Bitcoin), which has earned it the title of the most profitable ransomware for cybercriminals. The Bitcoin transactions received by the group were split across several addresses, which makes it clear that NetWalker is a “ransomware-as-a-service” operation. This implies that it has generated a considerable amount of money through the affiliate revenue sharing it offers to other operators.
The study also shows that the operators of NetWalker moved from legacy Bitcoin addresses to SegWit addresses, which have faster transaction times and lower costs. This points to growing sophistication in the modus operandi after it became a ransomware-as-a-service framework.
On March 20, posts by NetWalker actors appeared on two darknet forums, offering the ransomware under an affiliate and revenue-sharing scheme. This helps the group spread the malware and make it as profitable as possible.
Emsisoft’s Threat Analyst, Brett Callow, said: “NetWalker is a big game hunter and responsible for numerous attacks on larger public sector organizations and private sector companies. Working out the amount ransomware groups make is exceptionally difficult, and, as McAfee states, the figure of $25 million is almost certainly an underestimate. Globally, companies paid more than $25 billion in ransom demands in 2019.”
Most of NetWalker's targets are based in European countries and the United States. The group previously announced that it would not attack hospitals because of the Covid-19 pandemic, but many reports said that this isn't true.
On June 19, Crozer-Keystone Health System was attacked by NetWalker ransomware. The group has started an auction of the stolen data through its darknet website.