NetWalker, a new ransomware variant created to shut down hospitals

A few weeks ago, a hospital in a small region of Spain was the victim of a cybersecurity incident that disabled a part of its IT infrastructure. According to specialists in a malware analysis course, this was the first cyberattack affecting a Spanish hospital, at least until now.

Similar reports have appeared over the past few days, raising alarms among the authorities. Finally, the Deputy Director of the National Police revealed the identification of NetWalker, a new variant of ransomware capable of completely disabling the entire computer infrastructure of thousands of Spanish hospitals.

Authorities issued this alert just a few hours ago, recommending that staff working in these institutions be careful with any possibly malicious email or website, as it takes only a matter of seconds for malware to infiltrate an affected system, as mentioned by the malware analysis course specialists.

In addition, a report from security firm Kaspersky mentions that this is a new version of a ransomware variant known as Kokoklock, in addition to the Mailto malware. According to the report, threat actors employ a simple social engineering campaign to engage victims with a malicious link, attachment, or website.

On the other hand, the Spanish authorities, in collaboration with instructors from a malware analysis course, stated that the main attack vector in this country is emails with malicious files attached, and noted that most antivirus tools cannot identify the threat until it is too late.

As if that were not enough, this threat has already transcended the borders of the European country. Several health institutions in Illinois have reported cases of NetWalker infection, making it difficult to combat the global coronavirus/COVID-19 outbreak.

After completing the infection of the target system, the malware displays a ransom note demanding payment of an undisclosed sum. According to the International Institute of Cyber Security (IICS), it is not advisable to negotiate a payment with hackers, as there is no guarantee that threat actors will keep their part of the deal, so user information could be lost forever.

In addition, due to their low cost and low complexity, ransomware infection campaigns remain one of the main cybersecurity risks for users in general, so it is recommended to take precautions, such as implementing email filters and backing up files.