Sophos Investigates Netwalker Ransomware, Insights on Threat Actor

After delving deep into Netwalker, Sophos finds a toolkit of third-party programs used to carry out the attacks.

Many cybercriminals have been using the pandemic to their benefit, at a time when many companies are more exposed than usual. Sophos, a leading cybersecurity firm, investigated the Netwalker ransomware, which specifically targets large organizations rather than individuals.

During its investigation, Sophos uncovered a collection of third-party programs used to quietly carry out the attacks. The collection includes legitimate, publicly available software (such as TeamViewer), files cribbed from public code repositories (such as GitHub), and PowerShell scripts, all assembled by the attackers into a working toolkit rather than written by them from scratch.

Recent victims were mostly based in the US, Australia, and Western Europe. Sophos's findings also support reports that Netwalker targets enterprises: the ransomware is accompanied by programs made to capture Domain Administrator credentials from an enterprise network, and by orchestration tools that rely on software distribution served from a Domain Controller, something rarely found on home users' machines.

The nature of these attacks was characterized by Gabor Szappanos, senior director of Threat Research at SophosLabs, as follows: “The attacks are usually longer and multi-faceted, meaning attackers spend days or even weeks within targeted organizations, carefully mapping internal networks while gathering credentials and other useful information. In this process, they use legitimate third-party tools that may not be detected by the defenses.”

Learn more about the tools used by the cybercriminals behind the Netwalker ransomware in the SophosLabs Uncut article.