The attack began with an email about the coronavirus pandemic. The subject of the email was “information about the coronavirus,” a clever bait, we must admit. Weiz’s public infrastructure was compromised when the recipients clicked on the malicious link, which led to this catastrophe. Panda Security, which is investigating the incident, explained in its recent statements that the ransomware is a new version within its family, since it can now access all the other networks that the Windows system is connected to.
More about NetWalker
Also known as Mailto, NetWalker is the name given to a group of Windows ransomware. The ransomware targets computer networks and encrypts the files on the computers it reaches. Although the operators mostly return the encrypted data to the owner once they receive a cryptocurrency payment, the threats they make and the disruption they cause are hard to compensate for.
What they did
They attacked the Austrian city of Weiz, which is the center for several production sites, including the automotive supplier Magna and the construction companies Strobl Construction and LIEB-Bau-Weiz. These large construction companies lost their data through an email they received regarding the COVID-19 pandemic. Interestingly, the NetWalkers announced their achievement on Twitter and directly took responsibility for the attack. They deliver VBScript through their phishing emails. Once the recipient clicks on it, they gain access to the whole Windows network. The ransomware restricts all the services under Windows and encrypts files on all available disks. As mentioned before, they attacked the Illinois health authority and hindered the university’s and hospital’s performance during the coronavirus pandemic. They were behind the recent Australian transport company malfunction as well.
What can we do?
An up-to-date backup is necessary to improve the chances of data recovery, which is why you should make regular backups. Although a backup can’t stop the attackers from releasing the data and endangering you, it can at least guarantee your data recovery. The first step is accepting the possibility of being targeted. For the attackers, every organization is an opportunity, regardless of size, sector, or geography. For instance, during the COVID-19 pandemic, many hackers declared they wouldn’t attack hospitals, since hospitals performing at their best is critical for saving as many lives as possible. Still, hospitals in the Czech Republic fell victim to the NetWalkers’ ransomware.
The second step is to invest in anti-ransomware technology. Sophos, after a survey in 2020, declared that 24% of the attacks were prevented using appropriate anti-ransomware technology. Another useful measure is to protect your data wherever it resides, whether in a public or a private cloud, keeping in mind that 60% of the stolen data was taken from the public cloud. Finally, use cyber insurance that covers ransomware.
Ransomware: Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.
VBScript: VBScript is an Active Scripting language developed by Microsoft that is modeled on Visual Basic. It allows Microsoft Windows system administrators to generate powerful tools for managing computers with error handling, subroutines, and other advanced programming constructs.