The ransomware group Netwalker has infected computers of the Austrian city of Weiz with ransomware. Some of the captured data has now been published. The small town of Weiz is located in Eastern Styria (Austria), a few miles from Graz, and is the economic center of the region. Several large companies, such as the automotive supplier Magna and construction companies such as Lieb-Bau and Strobl Bau, maintain branches there.
Infection path unknown
Apparently, at least individual computers of the city administration are infected by the ransomware; the malicious software has probably even infected the entire municipal network. The information about this incident comes from the ransomware group itself, which announced the successful cyber attack. Sample data has been public since at least 20 May 2020. The city is keeping quiet about the incident. So far, no information is available on the Weiz website.
It is apparently a relatively new variant of a ransomware family. The malicious software is usually spread via downloads or in e-mail attachments, with the phrase "Information about the coronavirus" used as a lure. According to a brief description from Trend Micro, samples of the FileCoder Ransom.PS1.Netwalker.B were being discovered as late as mid-May 2020. The ransomware terminates processes and services under Windows and then starts encrypting files. After successful encryption, users of infected systems are shown a readme file with ransom demands.
The readme file that the NetWalker ransomware displays after its "work".
Phishing Mails and VBScript
Details on the encrypted files that are manipulated during an infection, as well as on the embedded malicious routines, can be found in the Trend Micro article and in the NetWalker Ransomware Report from the security company Cynet. Its security researchers track the activities of the NetWalker ransomware group, which is also responsible for attacks on the Australian transport and logistics company Toll Group and the Champaign-Urbana Public Health District (CUPHD) in Illinois.
The report states that the Netwalker ransomware is distributed through phishing mails using VBScript and, after a successful infection, spreads through the Windows network of the infiltrated victim. Files on all accessible drives are encrypted and backup copies are deleted.
Data of the city administration
It is now documented that systems of the Weiz city administration were successfully infected by malicious software. A tweet draws attention to the fact that the Netwalker ransomware group claims a successful attack for itself. During further research, the author of this post then came across a report from the security company Cyble. Its security researchers have sample files that the ransomware group published on the Internet.
Screenshots of a folder that presumably comes from the building office point to file notes, conditions, building-authority surveys, hall cleaning procedures, construction engines, etc. Some folders can be assigned by name to individual employees of the administration, for example the technician. However, some of the files carry date stamps from the years 2013 to 2018.
From the material accessible so far to the author of this post, how sensitive the data is cannot be clearly determined. Should e-mails and files with creation etc. have been captured, which is to be assumed, the data is likely to be of interest to phishers. It is so far unknown why the Weiz municipal administration has not yet said anything about this cyber attack.