Pierluigi Paganini August 06, 2020

Netwalker ransomware operators breached the networks of Forsee Power, a well-known player in the electromobility market.

A new company has been added to the list of the victims of the Netwalker ransomware operators, it is Forsee Power, which provides advanced lithium-ion battery systems for any mobility application.

The industrial group is based in France and in the US USA, it is one of the market leaders in Europe, Asia, and North America with annual revenue of around $65 million and over 200 employees.

Recently Cyble threat research group came across another disclosure from the Netwalker group that announced to have stolen sensitive data from Forsee Power.

Netwalker ransomware operators announced the attack with a message posted on their online blog and shared a few screenshots as proof of the security breach.

One of the images shared by the group shows a directory containing folders such as Accounts Receivable, Finance, collection letters, Expenses, and Employees. 

Below some tips on how to prevent ransomware attacks provided by Cyble:

• Never click on unverified/unidentified links
• Do not open untrusted email attachments
• Only download from sites you trust
• Never use unfamiliar USBs
• Use security software and keep it updated
• Backup your data periodically
• Isolate the infected system from the network
• Use mail server content scanning and filtering
• Never pay the ransom.

Recently the FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. and foreign government organizations.

The feds are recommending victims, not to pay the ransom and reporting incidents to their local FBI field offices.

The flash alert also includes indicators of compromise for the Netwalker ransomware along with mitigations.

The FBI warns of a new wave of Netwalker ransomware attacks that began in June, the list of victims includes the UCSF School of Medicine and the Australian logistics giant Toll Group.

The Netwalker ransomware operators have been very active since March and also took advantage of the ongoing COVID-19 outbreak to target organizations.

The threat actors initially leveraged phishing emails delivering a Visual Basic Scripting (VBS) loader, but since April 2020, Netwalker ransomware operators began exploiting vulnerable Virtual Private Network (VPN) appliances, user interface components in web apps, or weak passwords of Remote Desktop Protocol connections to gain access to their victims’ networks.

Recently the Netwalker ransomware operators were looking for new collaborators that can provide them with access to large enterprise networks. 

Below the recommended mitigations provided by the FBI:

• Back-up critical data offline.
• Ensure copies of critical data are in the cloud or on an external hard drive or storage device.
• Secure your back-ups and ensure data is not accessible for modification or deletion from the system where the data resides.
• Install and regularly update anti-virus or anti-malware software on all hosts.
• Only use secure networks and avoid using public Wi-Fi networks.
• Consider installing and using a VPN.
• Use two-factor authentication with strong passwords.
• Keep computers, devices, and applications patched and up-to-date.

Pierluigi Paganini

(SecurityAffairs – Netwalker ransomware, Forsee Power)

[adrotate banner=”5″]

[adrotate banner=”13″]