The number of ransomware attacks increased by over 700% year-over-year for 2020[1]. While this may make the situation seem hopeless for businesses, two recent high-profile busts show that law enforcement agencies are taking notice and attempting to keep up with hackers.

Netwalker dark web sites seized

The Netwalker ransomware is one of the more prolific variants today. From March to August 2020, it pulled in over $25 million in ransoms from its victims[2]. The developers employ a Ransomware-as-a-Service (RaaS) model, where other hackers can gain access to the malicious toolset in return for a percentage of their illicit spoils. RaaS widens the net for developer groups, allowing their programs to infect networks they may never have been able to crack or had no time to try.

On January 27th, the U.S. Department of Justice, in league with the FBI and the Bulgarian National Investigation Service, seized Netwalker’s dark web sites[3].  The ‘Dark Web’ allows for anonymous internet browsing, so it is rife with hackers, drug traffickers, and other shady entities. The Netwalker group regularly posted news about ransoms and, starting in March 2020, affiliate requests. This was when the group moved from an in-house to a RaaS model.

The United States DoJ charged one such affiliate, Canadian national Sebastien Vachon-Desjardins, with conspiracy to commit computer and wire fraud[4]. Authorities claim the man has made $27.6 million from the scheme. The fact he is Canadian likely played a significant role in his indictment. Often, the perpetrators of these types of computer fraud reside in countries that do not extradite cybercriminals, such as Russia, making filing charges pointless. So, while this bust is very encouraging, there are undoubtedly other affiliates in the network who will not stop their activities. It will be interesting to see if the Netwalker group starts a new Dark Web site any time soon.

Netwalker’s victims

The University of California, San Francisco. In June 2020, the Netwalker ransomware infected networks at UCSF. While the university claimed it used mitigation techniques to isolate the malware and prevent its spread, it still encrypted ‘important’ academic work. This led to the school paying a $1.14 million ransom, down from the initial $3 million asking price[5]. Still quite an expensive experience!

Toll Group

In late January of 2020, the Australian shipping logistics company, Toll Group, suffered a massive Netwalker attack that affected over 1000 servers[6]. It got so bad that they had to suspend operations for days while they scrambled to assess and contain the issue. This led to unsatisfied customers and a tarnished reputation. In fact, over nine months after the incident, the company was still dealing with the aftermath[7]. It is unclear if the organization paid out anything.

Crozer-Keystone Health System

Sadly, hackers are pretty unscrupulous when it comes to selecting their targets. In June of 2020, a Philadelphia-based health center, the Crozer-Keystone Health System, was attacked. It’s unknown exactly how much data was encrypted, but the healthcare provider publicly announced they would not cooperate with the culprits and no ransom would be paid. This resulted in the Netwalker group offering the data it stole up for auction via the now-defunct Dark Web site mentioned earlier[8]. Details are scarce, but officials from Crozer-Keystone don’t believe the hackers gained access to any patient medical data.

Emotet botnet taken down

The other big news in the world of cybercrime is that a coalition of international government agencies joined forces to take down the dreaded Emotet botnet. Responsible for 30% of malware attacks[9], the Emotet botnet isn’t ransomware itself but lays the foundation for malicious agents to install it.

A botnet is a massive group of computers automated to carry out specific malicious tasks. In the case of Emotet, it sent out hundreds of thousands of phishing emails to unsuspecting people. The emails contained Microsoft Word documents that required the viewer to ‘Enable Macros.’ If the victims complied, a backdoor was installed, leaving their computers susceptible to all sorts of attacks, including dangerous ransomware.

On January 27th, the news broke that law enforcement agencies in the United States, Germany, Canada, France, the U.K., the Netherlands, Lithuania, and Ukraine, brought down the enormous botnet[10]. In even better news, on April 25th, the Emotet malware is scheduled to uninstall itself[11].

So, it’s nice to see some good news after months of successful hacks, ransomware attacks, and COVID-19 phishing. While hackers won’t stop because of these stories, it’s good to know that law enforcement agencies worldwide are stepping up and doing something about the problem.

Protect your data

These developments are heartening, but organizations and individuals can’t rely on the government to protect them from hackers. They must be proactive and use secure solutions whenever possible.

If you need to store and share files online, AXEL Go provides industry-leading privacy features that keep sensitive documents away from malicious agents. AXEL Go utilizes distributed, decentralized servers along with AES-256 bit encryption and file sharding to ensure your files stay safe. Sign up for our full-featured Basic account and receive 2GB of secure online storage and enough fuel for thousands of typical shares. If you are a business or power user, we have different options to fit all needs and budgets. It’s time to get serious about protecting your data before it’s too late.

 

 

 

[1] “Mid-Year Threat Landscape Report 2020”, Bitdefender, 2020, https://www.bitdefender.com/files/News/CaseStudies/study/366/Bitdefender-Mid-Year-Threat-Landscape-Report-2020.pdf

[2] Lawrence Abrams, “Netwalker ransomware earned $25 million in just five months”, Bleeping Computer, Aug. 3, 2020, https://www.bleepingcomputer.com/news/security/netwalker-ransomware-earned-25-million-in-just-five-months/

[3] Brian Krebs, “Arrest, Seizures Tied to Netwalker Ransomware”, Krebs on Security, Jan. 27, 2021, https://krebsonsecurity.com/2021/01/arrest-seizures-tied-to-netwalker-ransomware/

[4] Kevin Collier, “Justice Department issues rare charges against ransomware operator”, NBC News, Jan. 27, 2021, https://www.nbcnews.com/tech/security/justice-department-issues-rare-charges-against-ransomware-operator-n1255899

[5] Lindsey O’Donnell, “UCSF Pays $1.14M Aftter NetWalker Ransomware Attack”, threatpost, June 30, 2021, https://threatpost.com/ucsf-pays-1-14m-after-netwalker-ransomware-attack/157015/

[6] Ry Crozier, “Toll Group tight-lipped on alleged ransomware attack”, itnews, Feb. 4, 2020, https://www.itnews.com.au/news/toll-group-tight-lipped-on-alleged-ransomware-attack-537437

[7] K&L Gates LLP, “Continuing to take its Toll: Toll Group still feeling impacts nine months after experiencing Ransomware Attack”, Lexology, Nov. 2, 2020, https://www.lexology.com/library/detail.aspx?g=002dc678-4d08-4782-88bb-1e4a9e188a7b

[8] Jackie Drees, “Ransomware group auctions Crozer-Keystone Health System data on darknet”, Beckers Hospital Review, June 22, 2020, https://www.beckershospitalreview.com/cybersecurity/ransomware-group-auctions-crozer-keystone-health-system-data-on-darknet.html

[9] Danny Palmer, “Emotet: The world’s most dangerous malware botnet was just disrupted by a major police operation”, ZDNet, Jan. 27, 2021, https://www.zdnet.com/article/emotet-worlds-most-dangerous-malware-botnet-disrupted-by-international-police-operation/

[10] “Emotet botnet taken down by international police sweoop”, BBC News, Jan. 27, 2021, https://www.bbc.com/news/technology-55826258

[11] Lawrence Abrams, “Europool: Emotet malware will uninstall itself on April 25th”, Bleeping Computer, Jan. 27, 2021, https://www.bleepingcomputer.com/news/security/europol-emotet-malware-will-uninstall-itself-on-april-25th/