Security

NetWalker Ransomware Gang Has Made $25 Million Since March 2020 (zdnet.com) 20

The operators of the NetWalker ransomware are believed to have earned more than $25 million from ransom payments since March this year, security firm McAfee said today. From a report: Although precise and up-to-date statistics are not available, the $25 million figure puts NetWalker close to the top of the most successful ransomware gangs known today, with other known names such as Ryuk, Dharma, and REvil (Sodinokibi). McAfee, who recently published a comprehensive report about NetWalker's operations, was able to track payments that victims made to known Bitcoin addresses associated with the ransomware gang. However, security experts believe the gang could have made even more from their illicit operations, as their view wasn't complete.
This discussion has been archived. No new comments can be posted.

  • by classiclantern ( 2737961 ) on Monday August 03, 2020 @10:37AM (#60360635)
    So long as they incorporate and pay their taxes they are no different than any other company that makes a profit from extortion. I applaud their entrepreneurial spirit. As I do not agree with their business model I keep an off-line back-up of all my files.
    • "...I keep an off-line back-up of all my files."

      You think they don't know that? When a ransom demand is made, it will be a pretty safe bet your last couple of backups contain an unpleasant surprise.

      • by gweihir ( 88907 )

        "...I keep an off-line back-up of all my files."

        You think they don't know that? When a ransom demand is made, it will be a pretty safe bet your last couple of backups contain an unpleasant surprise.

        That is nonsense. Even if there are logical bombs in the backups, offline backups do not change themselves. Hence even if the first restore fails, you can do another one knowing more. Also, it would require delaying the actual attack for quite some time, with a proportionally high risk of being detected and stopped before actual execution. And that is why these criminals do not try to compromise offline backups: It does more harm than good to their business model.

        • If the criminals want to make the big money, then they have to take a few risks. The risk of delaying the ransom note is relatively minor. Don't forget their crucial risk is being detected and arrested, but in some cases I think these criminals are actually state actors and they are acting on the basis of having high confidence that they will never be extradited for their crimes. Actually, they should be much more afraid of being disappeared to avoid international embarrassment if they are too clumsy and le

          • by gweihir ( 88907 )

            This is some serious BS. Anybody that is that deep in the target system will be after trade-secrets and they will leave without a trace. Ransomware is about making these attacks cheap and mass scale. Your offline backups are quite safe.

            • by shanen ( 462549 )

              Your rudeness is getting close to the limit of dialog. Maybe you don't understand how a hacked storage driver can work to mask its extra level of encryption? Or maybe you're a shill trying to encourage people to be less cautious about their backups? Or maybe you didn't like my attempted joke?

              I'm certainly not denying some targets of criminals have trade secrets and various other targets for various forms of commercial or industrial espionage. But that is not the valuable target in these kinds of blackmail w

              • I was willing to give the guy a pass, but I have to agree with you. He's rude as well as ignorant. I know of a fair-sized, decently-protected company that was compromised. It happens. I suspect our buddy gweihir, if he actually has a job in a relevant area, might one day get a surprise.

                • by gweihir ( 88907 )

                  I was willing to give the guy a pass, but I have to agree with you. He's rude as well as ignorant. I know of a fair-sized, decently-protected company that was compromised. It happens. I suspect our buddy gweihir, if he actually has a job in a relevant area, might one day get a surprise.

                  You saw a successful attack on offline-backups by a ransomware-type attacker? Are you sure? If so, I would love a reference. Because I am pretty sure that would be a first.

                  On the other hand, there are tons of companies even on the Fortune 500 that do only have online "backups" or where the offline backups are incomplete enough that they have a serious problem if attacked by ransomware.

              • by gweihir ( 88907 )

                Your rudeness is getting close to the limit of dialog.

                Your incompetence combined with an assumption of my incompetence is getting old pretty fast. Maybe do a bit of research of the subject first? I do admit this is a bit unfair on my side, I just finished an analysis of their ransomware-risk for a Fortune 500 company. That requires realistic attacker models and no, ransomware attackers will not try to compromise an offline backup at this time. There is no money in that. They simply move on towards the next easy victim instead that does not have backups at all

      • When a ransom demand is made, it will be a pretty safe bet your last couple of backups contain an unpleasant surprise.

        If anything, ransomware makes it easier to determine which backup to use.

        Most modern backup solutions (e.g., Veeam and CommVault) will maintain deduplicated near-line copies, which are read out for remote backups---either to a remote array or to tape.

        Since ransomware will encrypt all of the user's files, it should be possible to review the near-line data for an increase in backup sizes; this is quick and easy because only the changed bits are considered. The date you want is the last day before the number o
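The size-spike check described in the comment above, as an added example (not part of the original thread and not code from Veeam or CommVault). It assumes the nightly changed-data sizes have already been exported from the backup tool into a list; the function name, window and thresholds are hypothetical, and the sample history is constructed.

```python
from statistics import median

# Constructed sample: (backup date, GB of changed data in that night's incremental).
SAMPLE = [
    ("2020-07-20", 41), ("2020-07-21", 38), ("2020-07-22", 44),
    ("2020-07-23", 40), ("2020-07-24", 12), ("2020-07-25", 11),
    ("2020-07-26", 42), ("2020-07-27", 39), ("2020-07-28", 43),
    ("2020-07-29", 45), ("2020-07-30", 910), ("2020-07-31", 60),
]

def last_clean_backup(history, window=7, z_limit=6.0, min_ratio=3.0):
    """Return (last_clean_date, first_suspect_date).

    history: chronological list of (date, changed_size). A night is suspect
    when its changed size is a robust outlier against the previous `window`
    nights AND at least `min_ratio` times their median. If nothing is
    suspect, returns (latest_date, None).
    """
    if len(history) <= window:
        raise ValueError("need more than `window` backups to form a baseline")
    for i in range(window, len(history)):
        baseline = [size for _, size in history[i - window:i]]
        med = median(baseline)
        # Median absolute deviation, floored so a flat baseline cannot
        # turn a trivial change into a huge score.
        mad = max(median(abs(s - med) for s in baseline), 0.05 * med, 1e-9)
        size = history[i][1]
        score = (size - med) / (1.4826 * mad)
        if score > z_limit and size >= min_ratio * med:
            return history[i - 1][0], history[i][0]
    return history[-1][0], None

if __name__ == "__main__":
    clean, suspect = last_clean_backup(SAMPLE)
    print(f"restore from {clean}; first suspect backup {suspect}")
```

A legitimate bulk change such as a data migration trips the same check, so the flagged date is a starting point to confirm with a test restore.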

  • Seems law enforcement is asleep at the wheel.

    • by shanen ( 462549 )

      Guessing this was your bid at FP? It would have been okay, but I think it's too facile to blame "law enforcement". But I just wrote a longer and more substantive reply in the other branch and I want to switch stories... Mayhaps time will allow me to return?

  • It would seem a lot more economical to hire someone to kill these guys. Somebody knows something.

  • The creatures who commit these crimes are in a far lower position in this world than shit. You can spread shit on the land and it makes plants grow, or you can put shit into a biomass converter and get methane from it to run a turbine and generate electricity.

    These creatures are nothing more than parasites, the same level in life as mosquitoes, leeches, ticks and tapeworms. They do not earn, they merely take from those who do earn giving no benefit to those who earn.

    I would love to see them caught and treat
