Law enforcement officials on Jan. 27 disrupted the ransomware leak site operated by the Netwalker ransomware gang, which has been responsible for a growing number of attacks on healthcare providers including the University of California San Francisco, according to a U.S. Department of Justice news release.
Five details:
1. Last July, the FBI issued a warning about the increasing number of Netwalker ransomware attacks targeting U.S. and foreign health agencies, private companies and governments.
2. In June 2020, UCSF paid hackers $1.4 million after they infected the university's medical school computer systems with the Netwalker ransomware. The Champaign-Urbana (Ill.) Public Health District and Springfield, Pa.-based Crozer Keystone Health System have also fallen victim to Netwalker attacks within the last year.
3. If ransoms aren't paid, Netwalker ransomware operators publish stolen data online. After infiltrating a victim's computer network and encrypting compromised data, Netwalker ransomware actors deploy the ransomware that delivers a file or ransom note to the victim.
4. The cybercriminals use Tor, a computer network that facilitates anonymous communication over the internet, to give the victim instructions for payment and the amount of the demanded ransom.
5. The Netwalker action includes charges against a Canadian national in relation to Netwalker ransomware attacks in which tens of millions of dollars were allegedly obtained; the seizure of $454,530 in cryptocurrency from ransomware payments; and the disabling of the dark web hidden resource the gang uses to communicate with ransomware victims.
"We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure, and wherever possible, recovering ransom payments extorted from victims," said Nicholas McQuaid, acting assistant attorney general of the Justice Department's criminal division, according to the news release.