security-alarm-warning-monitor-computer-network-privacy-policy-hacker-cybercrime banner image

NetWalker Ransomware warning

August 10, 2020

Not even a pandemic can stop scammers. Late last week the FBI issued a flash alert warning for the NetWalker Ransomware which is “exploiting COVID-19 fears by luring unsuspecting victims with pandemic related phishing emails.” The use of ransomware to attack courts is not new. In July 2019 the Georgia Administrative Office of Courts was hobbled by a ransomware attack. In May 2020 the Texas Office of Court Administration was forced to shut down its website and disable servers for its statewide court network in response to a ransomware attack. The National Center for State Court’s cybersecurity experts have broken down the specifics of the FBI’s NetWalker alert, how to prevent and prepare for an attack, and what to do if your court falls victim to such attack in this August 2020 Trends Online article.

NCSC’s NetWalker Alert provides the technical aspects of guarding against an attack that all courts should review and implement, but everyone within the court community should be guarding against ransomware. Described as one of the biggest security problems on the internet, “ransomware is a form of malicious software – malware – that encrypts files and documents on anything from a single PC all the way up to an entire network, including servers.” Links and innocuous attachments from a seemingly legitimate source, like these sample phishing emails from InfoSec and Phishing.org, are one of the most common ways to infect systems with ransomware. At first glance, the email addresses appear legitimate, but the “A” is missing from the Amazon account and the PayPal security email is actually an Outlook account.

Amazon Example

Paypal Example

Another tactic, like this example from Washington University, is to include an attachment in an urgent email. For example, during the pandemic, one might see an email title: Urgent! Anytown, USA’s COVID-19 reopening plan. Please Read Immediately! With a word or PDF attachment to a document of the same name.

Email Example

Email is not the only way to infect a system. The online communication platforms courts use to hold a public hearing during the pandemic are used to distribute malware by distributing links or filesharing in the chat if the courts have not properly secured their platform. These are just a few of the methods used to infect systems with the NetWalker and other ransomware.

With courts conducting so much of their business online the need for every court’s network to remain healthy, protected, secure, and accessible to court personnel is even more important. Please review and implement the security measures in NetWalker Ransomware Alert. If you have questions about the NetWalker Ransomware, cybersecurity in general, please contact NCSC’s cybersecurity expert Paul Embley at pembley@ncsc.org or by calling (757) 259-1844. For more information regarding the Coronavirus pandemic please visit NCSC pandemic page.

How has your court addressed cybersecurity during the pandemic? Follow the National Center for State Courts on Facebook, Twitter, Instagram, or Pinterest and share your experiences.