The NetWalker ransomware – the scourge behind one of the recent Toll Group attacks – has transitioned to a ransomware-as-a-service (RaaS) model, and its operators are placing a heavy emphasis on targeting and attracting technically advanced affiliates, according to researchers.

Traditionally, “technically advanced” and RaaS don’t tend to go together – after all, one of the benefits of the RaaS model is that newbie threat actors can simply rent the infrastructure and the tools they need to carry out an attack, rather than develop anything themselves. In the case of NetWalker, however, the operators are bucking that trend.

“The collective is selectively choosing the affiliates it collaborates with, creating an exclusive group of top-tier network intruders to execute its new RaaS business model,” said researchers with Advanced Intelligence, in a Tuesday posting. They added, “This new business model allows NetWalker to collaborate with other seasoned cybercriminals who already have access to large networks and have the ability to disseminate ransomware.”

NetWalker’s creators, according to the analysis, have two methods that they use to distribute the ransomware. One is the typical phishing and spam avenue used by most malware operators; the other is large-scale network infiltration.

“NetWalker now claims a singular preference for network infiltration, which is novel to the Russian-speaking ransomware community,” explained the researchers, who added that in the…
