[German]The group behind the ransomware NetWalker claim to have infiltrated the computer networks of the city of Weiz in Austria. Currently I only have two sources, but no confirmation from the city, on this subject.
Background information about Weiz
Weiz is a town with 11,701 citizens, which is located in the eastern part of Styria, Austria. The city is located on the Weizbach, a tributary of the Raab, a few kilometers south of the Weizklamm and about 25 kilometers northeast of Graz, the capital of Styria. Personally, I never made it to this area during my stays to record video trainings for video2brain in Graz. But it seems to be a nice place to go for hikers, according to this tourism site.
Weiz also seems to be the economic heart of the region, as several large companies of the automotive supplier MAGNA as well as construction companies like LIEB-Bau-Weiz and Strobl Construction are located in the area. Successor companies of the former ELIN UNION – Siemens AG Österreich Transformatoren Weiz, Andritz HYDRO and ELIN Motoren – as well as the international Knill Group – are probably also represented there.
The Netwalker Group
Netwalker is a malicious software that infects Windows systems and encrypts files. In the Ransom.PS1.NETWALKER.B short description by Trend Micro first samples of the ransomware were found as PowerShell scripts only at the beginning of May 2020. The distribution is done via downloads or in email attachments – probably using ‘information about the corona virus’ as bait. The Trend Micro article here deals with one case. The security researchers of Cynet have published this Netwalker ransomware report with more information.
In this document, the Austrian Federal Criminal Police Office (Bundeskriminalamt Österreich) warns in a more general form against ransomware attacks on companies and authorities in Austria. At the moment hardly a week passes without new types of malware appearing in Austria. New encryption Trojans (ransomware) appearing in Austria make the data of the infected systems irretrievably unusable! Even if victims pay a ransom, there is no guarantee that the data can be recovered. In addition, ransomware groups start uploading files to their own servers before encrypting them. Then they threaten to publish the often sensitive data.
Netwalker ransom group reports infection
I just found the following tweet from Catalin Cimpanu. He got the information that the NetWalker ransomware gang claims to have successfully infected the public administration network of the Austrian city of Weiz.
The NetWalker ransomware gang claims to have infected the government network of Weiz, an Austrian town pic.twitter.com/zp9RcILQCB
— Catalin Cimpanu (@campuscodi) May 22, 2020
The security company cybleinc.com reports here, that the backers of the NetWalker Ransomware have successfully infiltrated the IT of the city of Weiz. Afterwards the cyber criminals have probably leaked the captured confidential data. On the website of the security company you can find the following screenshot with the message of the ransomware group about the infection:
At present, cyber criminals seem to have only put excerpts of the data they have captured online. cybleinc.com has posted a screenshot of the directories.
On the website of the security researchers there are screenshots of various files with the communication of employees of the building authority of the city of Weiz with applicants for building projects etc. What I can estimate so roughly: The files contain communication data of employees of the city of Weiz as well as companies and citizens. These personal data could be used for phishing attacks.
I have looked on the website of the city, but have not yet found any information about it. A press enquiry is in progress – in the hope that the city’s e-mail system is not affected and that a reply will be sent.
Revil Ransomware hackers release first Trump files
News on the ransomware attack on Ludwigshafen supplier
Clop Ransomware attack at Technische Werke Ludwigshafen
Diebold Nixdorf victim of a Ransomware Attack
Fresenius probably victim of a Snake Ransomware attack
Ransomware infection in Czech University Hospital of Brno
Warning: Infected Cookie Consent logo delivers Ransomware
Ransomware strikes at night and on weekends
Cookies helps to fund this blog: Cookie settings