ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

Tool: NetWalker

Names: NetWalker, MailTo, Koko Ransomware
Category: Malware
Type: Ransomware, Big Game Hunting
Description: (BleepingComputer) With the high ransom prices and big payouts of enterprise-targeting ransomware, we now have another ransomware known as Mailto or Netwalker that is compromising enterprise networks and encrypting all of the Windows devices connected to it.

In August 2019 a new ransomware was spotted in ID Ransomware that was named Mailto based on the extension that was appended to encrypted files.

It was not known until today when the Australian Toll Group disclosed that their network was attacked by the Mailto ransomware, that we discovered that this ransomware is targeting the enterprise.

It should be noted that the ransomware has been commonly called the Mailto Ransomware due to the appended extension, but analysis of one of its decryptors indicates that it is named Netwalker.
Information:
<https://www.bleepingcomputer.com/news/security/mailto-netwalker-ransomware-targets-enterprise-networks/>
<https://www.carbonblack.com/blog/threat-analysis-unit-tau-threat-intelligence-notification-mailto-netwalker-ransomware/>
<https://www.varonis.com/blog/netwalker-ransomware/>
<https://www.cybereason.com/blog/cybereason-vs.-netwalker-ransomware>
<https://www.tripwire.com/state-of-security/featured/netwalker-ransomware-what-need-know/>
<https://www.mcafee.com/blogs/other-blogs/mcafee-labs/take-a-netwalk-on-the-wild-side>
<https://www.cynet.com/attack-techniques-hands-on/netwalker-ransomware-report/>
<https://unit42.paloaltonetworks.com/ransomware-threat-assessments/2/>
<https://news.sophos.com/en-us/2020/05/27/netwalker-ransomware-tools-give-insight-into-threat-actor/>
<https://www.trendmicro.com/en_us/research/20/e/netwalker-fileless-ransomware-injected-via-reflective-loading.html>
<https://resources.infosecinstitute.com/topic/netwalker-malware-what-it-is-how-it-works-and-how-to-prevent-it-malware-spotlight/>
MITRE ATT&CK: <https://attack.mitre.org/software/S0457/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.mailto>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:netwalker>

Last change to this tool card: 30 December 2022

All groups using tool NetWalker

Changed | Name | Country | Observed

APT groups

 | Circus Spider | [Unknown] | 2019-Feb 2022 X

1 group listed (1 APT, 0 other, 0 unknown)
