Netwalker

Inactive

NetWalker ransomware group operates by the threat actor known as "CIRCUS SPIDER". The NetWalker ransomware was discovered in 2019. The group mainly targeting the Asia Pacific region but can attack globally. The group uses common attacking tools like Mimikatz and other legitimate tools (LOLBINS) like PSTools, AnyDesk, TeamViewer, NLBrute, and more. The group knowing by targeting the healthcare sector. Finally, in January 2021, Netwalker was takedown by the authorities, the police have confiscated hundreds of thousands of dollars in ransom payments collected by the Netwalker group, and they seized servers and disrupted the infrastructure and the darknet websites of the Netwalker ransomware group.

26 Victims

Jan 30, 2020 First Discovered

Dec 11, 2020 Last Discovered

1969 Days Inactive

0% Infostealer

0/1 Sites Online

Top Countries

US 13

CA 3

AU 2

PK 1

AR 1

AT 1

Top Sectors

Technology 4

Energy 4

Manufacturing 4

Healthcare 4

Public Sector 3

Education 3

Consumer Services 2

Transportation/Logistics 2

Known Locations (1)

rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Tools Used

CredentialTheft

Mimikatz, ProcDump

DiscoveryEnum

AdFind

LOLBAS

PsExec

Offsec

Cobalt Strike

Victims (26)

Nygard International

CA Consumer Services Discovered: Dec 11, 2020 · Attack est.: Dec 11, 2020

CSAT Solutions

Technology Discovered: Nov 30, 2020 · Attack est.: Nov 30, 2020

Enel Group

Energy Discovered: Oct 18, 2020 · Attack est.: Oct 18, 2020

KYB Corporation

US Manufacturing Discovered: Sep 30, 2020 · Attack est.: Sep 30, 2020

Wilmington Surgical Associates

US Healthcare Discovered: Sep 30, 2020 · Attack est.: Sep 30, 2020

K-Electric (electric utility supplier)

PK Energy Discovered: Sep 6, 2020 · Attack est.: Sep 6, 2020

Equinix

US Technology Discovered: Sep 6, 2020 · Attack est.: Sep 6, 2020

Jands

AU Manufacturing Discovered: Aug 31, 2020 · Attack est.: Aug 31, 2020

Cygilant (threat detection cybersecurity company)

Technology Discovered: Aug 31, 2020 · Attack est.: Aug 31, 2020

Direccion Nacional de Migraciones (Argentina's official immigration agency)

AR Public Sector Discovered: Aug 26, 2020 · Attack est.: Aug 26, 2020

Entrust Energy

US Energy Discovered: Aug 4, 2020 · Attack est.: Aug 4, 2020

Forsee Power

Manufacturing Discovered: Jul 31, 2020 · Attack est.: Jul 31, 2020

Center for Fertility and Gynecology (Los Angeles)

US Healthcare Discovered: Jul 31, 2020 · Attack est.: Jul 31, 2020

Olympia House (Petaluma)

US Healthcare Discovered: Jul 31, 2020 · Attack est.: Jul 31, 2020

Canadian Tire

CA Consumer Services Discovered: Jul 31, 2020 · Attack est.: Jul 31, 2020

Alfanar

Manufacturing Discovered: Jul 8, 2020 · Attack est.: Jul 8, 2020

Trinity Metro (Fort Worth transit agency)

US Transportation/Logistics Discovered: Jun 30, 2020 · Attack est.: Jun 30, 2020

Lorien Health Services

US Healthcare Discovered: Jun 5, 2020 · Attack est.: Jun 5, 2020

Columbia College of Chicago

US Education Discovered: Jun 2, 2020 · Attack est.: Jun 2, 2020

University of San Francisco (UCSF)

US Education Discovered: May 31, 2020 · Attack est.: May 31, 2020

Michigan State University

US Education Discovered: May 26, 2020 · Attack est.: May 26, 2020

Spectra Logic

US Technology Discovered: Apr 30, 2020 · Attack est.: Apr 30, 2020

Network of Village of Weiz

AT Public Sector Discovered: Apr 30, 2020 · Attack est.: Apr 30, 2020

Northwest Territories Power Corporation

CA Energy Discovered: Apr 29, 2020 · Attack est.: Apr 29, 2020

Champaign-Urbana Public Health District

US Public Sector Discovered: Mar 9, 2020 · Attack est.: Mar 9, 2020

Toll Group

AU Transportation/Logistics Discovered: Jan 30, 2020 · Attack est.: Jan 30, 2020