The Federal Bureau of Investigation (FBI) issued a Flash Alert warning of Netwalker ransomware attacks against U.S. and foreign organizations.
According to the FBI, Netwalker encrypts Windows-based devices and data, thus making critical files, databases and applications inaccessible to users until a ransom is paid.
Security experts first spotted Netwalker in March 2020 after the ransomware took down an Australian logistics company and a U.S. public health care organization.
In those attacks, cyber criminals used COVID-19 as a lure, sending pandemic-related phishing emails to trick users into clicking on malicious payloads.
In April, attackers then abused unpatched Virtual Private Network (VPN) appliances, vulnerable web apps and weak passwords used in remote desktop connections.
As of June 2020, the FBI received reports of Netwalker attacks by unidentified actors against government, healthcare, education and private organizations across the globe.
Furthermore, the FBI explained in the flash alert that two of the most common vulnerabilities Netwalker exploits are Pulse Secure VPN (CVE-2019-11510) and Telerik UI (CVE-2019-18935).
Once systems are compromised via Netwalker, a combination of malicious programs is then used to steal sensitive data, harvest admin credentials or encrypt information.
Recommended mitigations
Organizations are highly encouraged to implement these safeguards to combat ransomware attacks:
- Back up data and keep copies offline (such as on an external hard drive or in cloud storage).
- Secure backups to prevent unauthorized changes to data.
- Run up-to-date anti-malware programs on all hosts.
- Use VPNs and avoid using public Wi-Fi.
- Use multi-factor authentication and strong passwords.
- Keep all devices up to date and patched.