Netwalker Ransomware Adopts an Affiliate Model to Help Increase Attacks and Profits



iStock-460313833The ransomware formerly known as Mailto has taken a page from traditional software vendors and rebranded itself with a new affiliate-based go-to-market strategy.

When I need new customers, I look for ways to quickly identify and reach potential prospects, which can often include a channel strategy that leverages partners and affiliates. So, it should come as no surprise to see that ransomware “vendors” are doing the very same thing. According to Bleeping Computer, the operators of the Netwalker have been conducting interviews (yeah! Interviews!!!) to identify appropriate affiliates since March that will help take advantage of those cybercriminal organizations that are really good at compromising credentials, use of social engineering, and infecting endpoints to help increase Netwalker’s reach.

According to the details uncovered, affiliates receive up to 70% of the ransom, giving cybercriminal organizations ample incentive to partner up with Netwalker.

With Netwalker operators touting paid ransoms as high as $1.5 million, this new age of multiple cybercriminal organizations ganging up together to be even more impactful should have you worried.

The good news is this new development only means Netwalker expands its’ potential for successful ransom; it does not ensure success however. Organizations that address the use of phishing attacks as one of the primary attack vectors can stop attacks by Netwalker affiliates in their tracks. With a layered security strategy and Security Awareness Training in place, users will both be protected from and can steer clear of advanced phishing attacks that may include Netwalker or any other malicious content.


Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/ransomware-simulator

Topics: Ransomware



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews