Netwalker Emerged In Mid-2019 Following Toll Group Attack
Netwalker burst onto the scene in August 2019 following the high-profile ransomware attack against Australian transportation and logistics company Toll Group. Data gathered so far indicates that Netwalker ransomware was created by a Russian-speaking group of hackers operating under the Circus Spider moniker, according to Heimdal Security.
The ransomware initially was named Mailto based on the extension that was appended to the encrypted files, but analysis of one of its decryptors indicated that its name was Netwalker, according to Cynet. Mailto was first discovered by independent cybersecurity researcher and Twitter user GrujaRS, Heimdal Security reported.
Netwalker compromises the network and encrypts all Windows devices connected to it, Cynet found. When executed, Netwalker uses an embedded configuration that includes a ransom note, ransom note file names and various configuration options, Cynet said.