Indicators Associated with Netwalker Ransomware

Summary

As of June 2020, the FBI has received notifications of Netwalker ransomware attacks on US and foreign government organizations, education entities, private companies, and health agencies by unidentified cyber actors. Netwalker became widely recognized in March 2020, after intrusions on an Australian transportation and logistics company and a US public health organization. Cyber actors using Netwalker have since taken advantage of the COVID-19 pandemic to compromise an increasing number of unsuspecting victims.

Following a successful intrusion, Netwalker encrypts all connected Windows-based devices and data, rendering critical files, databases, and applications inaccessible to users. When executed, Netwalker deploys an embedded configuration that includes a ransom note, ransom note file names, and various configuration options.

In March 2020, actors using Netwalker began exploiting COVID-19 fears by luring unsuspecting victims with pandemic-related phishing e-mails. Specifically, Netwalker spread through a Visual Basic Scripting (VBS) script attached to COVID-19 phishing e-mails that executed the payload once opened.
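A mail-gateway check for the delivery vector described above, as an added example that is not part of the FBI text: it walks a message's MIME parts and reports script attachments, including ones packed inside a ZIP. The extension list beyond `.vbs`, the ZIP handling, and the sample message with its file names are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions handled by Windows Script Host. Only .vbs comes from the advisory;
# the rest are an assumption added for coverage.
SCRIPT_EXTS = {".vbs", ".vbe", ".wsf", ".js", ".jse"}

def is_script(name: str) -> bool:
    # Only the final extension decides what Windows runs ("update.pdf.vbs" is a script).
    name = name.strip().lower().rstrip(". ")
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in SCRIPT_EXTS

def script_attachments(raw: bytes) -> list[str]:
    """Return names of script attachments, looking one level into ZIP attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # None for bodies and multipart containers
        if not name:
            continue
        if is_script(name):
            hits.append(name)
        elif name.lower().endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    hits += [f"{name}!{n}" for n in zf.namelist() if is_script(n)]
            except zipfile.BadZipFile:
                hits.append(f"{name}!<unreadable zip>")  # fail closed: flag for review
    return hits

def build_sample() -> bytes:
    # Constructed message; harmless placeholder bytes stand in for the attachments.
    m = EmailMessage()
    m["Subject"] = "COVID-19 update (constructed sample)"
    m.set_content("See attached.")
    m.add_attachment(b"' placeholder", maintype="application",
                     subtype="octet-stream", filename="update.pdf.vbs")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notice.vbs", "' placeholder")
        zf.writestr("readme.txt", "text")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="docs.zip")
    return m.as_bytes()
```

A non-empty result from `script_attachments` is a reason to quarantine the message rather than deliver it.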
