A NEW THREAT IN THE CYBER-SECURITY SPHERE

1. ANEW THREAT IN THE CYBER-SECURITY SPHERE When it comes to cyber security, every organization already seems to be at a vulnerable state. The 67% hike in the total number of cyber-attacks since 2014, shows us the negligence on each organization’s part and their efforts toward maintaining a resilient network infrastructure. That’s why; the demand for cyber security consultants has been growing at a significantly progressive rate. But these vulnerabilities don’t really specify that all the companies are being lenient from their end. It’s just that the attacking side has been using their resources efficiently and anonymously enough to escape any chances of being caught. With that being said, it’s equally justifiable to say that a bit of negligence can be seen on all the players’ account. Anyway, with the new ransomware virus, “Netwalker” in the news, every organization has been skeptic about the surety of their protection against the same. This is because every player in all the industr3es in the market has always known the efforts the global market puts on mitigating such attacks. To get a better understanding of the virus itself, it is important to know how the virus is attacking its target. But before starting with it, we shall get a better picture of its origin.

2. NETWALKER: THE NEWEST STRAIN OF RANSOMWARE VIRUS Netwalker is a variant of Mailto Ransomware family which is basically used for locking certain files on a system and demands cryptocurrency payments to gain access of the files. The virus was first detected in May 2020 and since then; it has been using email extensions as a medium to lock the files on a system. According to the researchers who discovered the virus, the whole process of encrypting the files on a particular system, is executed by adding .mailto extensions to them. A new unique identification number is provided to the files, thereby making the .mailto extensions, secondary. Attackers have been using email attachments and span emails as a process of getting into the environment of an operating system. Speaking more about the Netwalker phishing campaign, the attackers have been using, “CORONAVIRUS_COVID-vbs” as the name of an attachment in which, the malware virus is embedded and is installable just by following the unclear code provided by the attackers. The fact that the attackers have offered an obscure code for launching the virus is till baffling many professionals out there.

3. HOW IS THE VIRUS ATTACKING THE SYSTEMS One of the main reasons why CISO as a service in London has been popularized is the severity of the cyber-attacks. On that note, it’s somehow still a shocker for many small scale organizations after seeing that the most dangerous hacks are executed by the simplest yet often overlooked processes. If we take a look at the Netwalker virus, after the script is executed, the executable will save in “%Temp%\qerSw.exe” and will be launched. Once the virus is executed, it’ll take no time in encrypting the files, after which the victim gets a Readme.txt along with the random extension name given to the encrypted files. This ransom note contains instructions on how to access the tor payment link of the virus. On a concluding note, it’s always the simplicity that confuses most of the cyber security consultants.Maybe that’s why there’s still no known weakness of the virus yet, or a way for the organizations to decrypt their files for free. But till then, all you can do is to hire the best consultancy services and safeguard your firm.