NetWalker Ransomware Attacks Illinois Public Health District

Cybercriminals launched a NetWalker (Mailto) ransomware attack against the Illinois Champaign-Urbana Public Health District (CUPHD) website, according to The News-Gazette. The health district's email accounts, environmental health records and patient electronic medical records were unaffected by the cyberattack.

The NetWalker attack was discovered last week as CUPHD officials tried to deliver Coronavirus (COVID-19) updates to Champaign-Urbana residents, The News-Gazette reported. It temporarily prevented health district employees from accessing certain files.

CUPHD's website is currently up and running. In addition, CUPHD is working with the FBI, U.S. Department of Homeland Security and global risk consulting service Kroll to investigate the ransomware attack.

What Is NetWalker?

NetWalker was discovered in August 2019 by ID Ransomware, according to BleepingComputer. It was initially named Mailto based on the extension that was appended to encrypted files, but ransomware recovery company Coveware later discovered a decryptor for the ransomware that indicated that the developer's name for the infection was NetWalker.

NetWalker compromises networks and encrypts all Windows devices connected to them, BleepingComputer indicated. When executed, NetWalker uses an embedded configuration that includes a ransom note template, ransom note file names and various configuration options.

How to Guard Against a NetWalker Attack

NetWalker encrypts Windows files and renders them unusable, PCRisk indicated. However, there are many ways to guard against NetWalker attacks, including:

MSSPs also can protect organizations against NetWalker and other ransomware strains. They can provide endpoint detection and response (EDR) and other security services to safeguard organizations against ransomware attacks, as well as offer tips to help organizations develop and implement effective cybersecurity programs.