
Threat Group Cards: A Threat Actor Encyclopedia

Tool: NetWalker

Names: NetWalker, MailTo, Koko Ransomware
Category: Malware
Type: Ransomware, Big Game Hunting
Description: (BleepingComputer) With the high ransom prices and big payouts of enterprise-targeting ransomware, we now have another ransomware known as Mailto or Netwalker that is compromising enterprise networks and encrypting all of the Windows devices connected to it.

In August 2019 a new ransomware was spotted in ID Ransomware that was named Mailto based on the extension that was appended to encrypted files.

It was not known until today when the Australian Toll Group disclosed that their network was attacked by the Mailto ransomware, that we discovered that this ransomware is targeting the enterprise.

It should be noted that the ransomware has been commonly called the Mailto Ransomware due to the appended extension, but analysis of one of its decryptors indicates that it is named Netwalker.
Information:
<https://www.bleepingcomputer.com/news/security/mailto-netwalker-ransomware-targets-enterprise-networks/>
<https://www.carbonblack.com/blog/threat-analysis-unit-tau-threat-intelligence-notification-mailto-netwalker-ransomware/>
<https://www.varonis.com/blog/netwalker-ransomware/>
<https://www.cybereason.com/blog/cybereason-vs.-netwalker-ransomware>
<https://www.tripwire.com/state-of-security/featured/netwalker-ransomware-what-need-know/>
<https://www.mcafee.com/blogs/other-blogs/mcafee-labs/take-a-netwalk-on-the-wild-side>
<https://www.cynet.com/attack-techniques-hands-on/netwalker-ransomware-report/>
<https://unit42.paloaltonetworks.com/ransomware-threat-assessments/2/>
<https://news.sophos.com/en-us/2020/05/27/netwalker-ransomware-tools-give-insight-into-threat-actor/>
<https://www.trendmicro.com/en_us/research/20/e/netwalker-fileless-ransomware-injected-via-reflective-loading.html>
<https://resources.infosecinstitute.com/topic/netwalker-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.mailto>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:netwalker>

Last change to this tool card: 23 April 2021


All groups using tool NetWalker

APT groups

| Changed | Name | Country | Observed | |
|---|---|---|---|---|
| | Circus Spider | [Unknown] | 2019-Jan 2021 | X |

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
