Ransomware Group: Netwalker




The NetWalker ransomware group is operated by the threat actor known as "CIRCUS SPIDER". The NetWalker ransomware was discovered in 2019. The group mainly targets the Asia Pacific region but can attack globally. It uses common attack tools like Mimikatz and other legitimate tools (LOLBINS) like PSTools, AnyDesk, TeamViewer, NLBrute, and more. The group is known for targeting the healthcare sector. In January 2021, Netwalker was taken down by the authorities: the police confiscated hundreds of thousands of dollars in ransom payments collected by the Netwalker group, seized servers, and disrupted the infrastructure and the darknet websites of the Netwalker ransomware group.


Sites

| Title | Available | Last Visit | FQDN | Screenshot |
|---|---|---|---|---|
| None | 🔴 | 2021-05-01 00:00:00.000000 | rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion | N/A |

Tools used

Matrix categories: Discovery | RMM Tools | Defense Evasion | Credential Theft | OffSec | Networking | LOLBAS | Exfiltration

Tools listed: AdFind, Mimikatz, Cobalt Strike, PsExec, ProcDump

This information is provided by Ransomware-Tool-Matrix

26 Victims

| Victim | Country | Discovery Date | Sector |
|---|---|---|---|
| Nygard International | CA | 2020-12-12 00:00 | |
| CSAT Solutions | | 2020-12-01 00:00 | |
| Enel Group | | 2020-10-19 00:00 | Energy |
| KYB Corporation | US | 2020-10-01 00:00 | |
| Wilmington Surgical Associates | US | 2020-10-01 00:00 | |
| Equinix | US | 2020-09-07 00:00 | |
| K-Electric (electric utility supplier) | PK | 2020-09-07 00:00 | Energy |
| Jands | AU | 2020-09-01 00:00 | |
| Cygilant (threat detection cybersecurity company) | | 2020-09-01 00:00 | |
| Direccion Nacional de Migraciones (Argentina's official immigration agency) | AR | 2020-08-27 00:00 | |
| Entrust Energy | US | 2020-08-05 00:00 | Energy |
| Center for Fertility and Gynecology (Los Angeles) | US | 2020-08-01 00:00 | |
| Olympia House (Petaluma) | US | 2020-08-01 00:00 | |
| Forsee Power | | 2020-08-01 00:00 | |
| Canadian Tire | CA | 2020-08-01 00:00 | |
| Alfanar | | 2020-07-09 00:00 | |
| Trinity Metro (Fort Worth transit agency) | US | 2020-07-01 00:00 | |
| Lorien Health Services | US | 2020-06-06 00:00 | |
| Columbia College of Chicago | US | 2020-06-03 00:00 | |
| University of San Francisco (UCSF) | US | 2020-06-01 00:00 | |
| Michigan State University | US | 2020-05-27 00:00 | |
| Network of Village of Weiz | AT | 2020-05-01 00:00 | |
| Spectra Logic | US | 2020-05-01 00:00 | |
| Northwest Territories Power Corporation | CA | 2020-04-30 00:00 | Energy |
| Champaign-Urbana Public Health District | US | 2020-03-10 00:00 | |
| Toll Group | AU | 2020-01-31 00:00 | |