SoylentNews

upstart writes in with an IRC submission:

NetWalker Ransomware Rakes in $29M Since March:

The NetWalker ransomware has been around for about a year, but it has really made a name for itself in 2020, racking up around $29 million in extortion gains just since March.

First detected in August 2019, NetWalker lingered around before surging in use in March through June, according to an analysis from McAfee Advanced Threat Research (ATR). The uptick coincided with the implementation of a robust ransomware-as-a-service (RaaS) model, which has been attracting technically advanced criminal affiliates.

"NetWalker RaaS prioritizes quality over quantity and is looking for people who are Russian-speaking and have experience with large networks," the firm noted, in an analysis published Monday. "People who already have a foothold in a potential victim's network and can exfiltrate data with ease are especially sought after. This is not surprising, considering that publishing a victims' data is part of NetWalker's model."

This is reflected in some of the strikes attributed to the NetWalker malware, which are mainly targeted at large organizations in Europe and North America. These have included hits for transportation giant Toll Group, the University of California San Francisco and, most recently, French smart-battery company Forsee. Also, a recent FBI Alert warned that NetWalker ransomware attackers are now targeting U.S. and foreign government organizations.

[...] The actors also moved away from using legacy Bitcoin addresses to SegWit addresses.

"The benefits of using the newer SegWit addresses include faster transaction time and lower transaction cost," according to researchers. "The NetWalker advertisement on the underground forum mentions instant and fully automatic payments around the time of this observed change. This makes us believe the ransomware actors were professionalizing their operation just before expanding to the ransomware-as-a-service model."

Original Submission