The ransomware group NetWalker has published extracts of data stoeln from the network of the Austrian city of Weiz. Among the published extracts are, among other things, building applications and building inspections. The group has infected the municipality with Ransomware. The small town of Weiz is considered to be the economic centre of the Oststeiermark region and is only a few kilometres away from the city of Graz. Several large companies such as the automotive supplier Magna and the construction companies Strobl Construction and LIEB-Bau-Weiz have production sites in Weiz.
The Ransomware Group itself announced the cyber-attack via Twitter. The attack was probably carried out trough phishing emails. The cybercriminals sent the malware via email attachments and used the subject “Information about the coronavirus” as bait. Individual computers were infected by the ransomware, possibly the entire municipal network was infected. The city of Weiz itself has not yet made an official statement about the hacker attack.
This is a relatively new version of a ransomware family. Netwalker ransomware spreads via phishing emails using VBScript and, if the infection is successful, spreads to the victim’s Windows network. The ransomware terminates services and processes under Windows and encrypts files on all accessible disks. Backups are removed. The hacker group NetWalker is suspected to also be responsible for attacks on a health authority in Illinois, USA and an Australian transport company.
Analysts from our PandaLabs have already indicated in the latest Threat Insights Report 2020 that ransomware attacks will continue to be among the largest cyber threats in 2020. Discover the latest developments in the world of cyber security here.