Skip to main content

Netwalker ransomware operators set out plans for expansion

(Image credit: Image Credit: WK1003Mike / Shutterstock )

The operators of the Netwalker ransomware, previously known as Mailto, have recently begun recruiting affiliate partners and are promising huge payouts.

According to a Bleeping Computer report, Mailto rebranded as Netwalker in March, and its operators have since begun advertising affiliate partnerships on Russian hacking forums.

Affiliates are usually tasked with breaching a network and distributing the malware, but are distinct from the developer and operator. Netwalker claims it can extort anywhere between $696,000 and $1.5 million, with a 70 percent cut going to the affiliate.

The Netwalker operators have also delivered a handful of upgrades to the malware. One notable addition sees stolen data automatically published online if the victim fails to pay the ransom fee by the deadline.

Ransomware traditionally encrypts all files on a target network, allowing the operator to demand payment in cryptocurrency in exchange for the decryption key. However, with many businesses now backing up their data, ransomware operators often download the information prior to encryption.

If the victim decides to ignore demands, the criminals can use the data as leverage and threaten to publish stolen information online.