HC3 Threat Briefing TLP White - Netwalker Ransomware - September 24, 2020

Netwalker Ransomware was initially discovered in September 2019 with a compilation timestamp dating back to August 28, 2019. 

  • Also known as: Malito, Koko, KazKavKovKiz
  • Operated as Ransomware-as-a-Service (RaaS) by a cybercrime group known as CIRCUS SPIDER
    • Advertised as a closed-affiliate program, and verifies applicants before they are being accepted as an affiliate
  • Significant targeting in the Asia Pacific (APAC) region, but can reach globally
    • Often target hospitals in the US and Spain
    • Big game hunters
  • Ransom demands from $1K USD to $3M USD; use “double extortion”; over $25 million since March
  • Leveraging coronavirus and exploiting healthcare organizations during pandemic

View details below.

Key Resources

Related Resources

Guides/Reports
Change Healthcare Cyberattack Underscores Urgent Need to Strengthen Cyber Preparedness for Individual Health Care Organizations and as a Field
Public
Advisory
SimpleHelp Remote Access Software Vulnerable to Ransomware Attacks
Public
Advancing Health Podcast
How to Survive a Cyberattack with Scripps Health: Part Four
Public
Advancing Health Podcast
How to Survive a Cyberattack with Scripps Health: Part Three
Public
Advancing Health Podcast
Effective Strategies to Combat Burnout and Promote Wellness in Health Care: Insights from Corewell Health
Public
Advisory
AHA Member Advisory with Resources for Hospitals and Health Systems
Member