{"id":14525,"date":"2020-05-22T12:18:28","date_gmt":"2020-05-22T10:18:28","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=14525"},"modified":"2024-10-05T23:03:50","modified_gmt":"2024-10-05T21:03:50","slug":"sterreich-it-der-stadt-weiz-mit-ransomware-infiziert","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/05\/22\/sterreich-it-der-stadt-weiz-mit-ransomware-infiziert\/","title":{"rendered":"City of Weiz (Austria): Computers infected with ransomware?"},"content":{"rendered":"

[German<\/a>]The group behind the ransomware NetWalker claim to have infiltrated the computer networks of the city of Weiz in Austria. Currently I only have two sources, but no confirmation from the city, on this subject.<\/p>\n

<\/p>\n

Background information about Weiz<\/h2>\n

\"\"Weiz<\/a>  is a town with 11,701 citizens, which is located in the eastern part of Styria, Austria. The city is located on the Weizbach, a tributary of the Raab, a few kilometers south of the Weizklamm<\/a> and about 25 kilometers northeast of Graz<\/a>, the capital of Styria. Personally, I never made it to this area during my stays to record video trainings for video2brain<\/a> in Graz. But it seems to be a nice place to go for hikers, according to this tourism site<\/a>. <\/p>\n

Weiz also seems to be the economic heart of the region, as several large companies of the automotive supplier MAGNA as well as construction companies like LIEB-Bau-Weiz and Strobl Construction are located in the area. Successor companies of the former ELIN UNION – Siemens AG \u00d6sterreich Transformatoren Weiz, Andritz HYDRO and ELIN Motoren – as well as the international Knill Group – are probably also represented there.<\/p>\n

The Netwalker Group<\/h2>\n

Netwalker is a malicious software that infects Windows systems and encrypts files. In the Ransom.PS1.NETWALKER.B short description<\/a> by Trend Micro first samples of the ransomware were found as PowerShell scripts only at the beginning of May 2020. The distribution is done via downloads or in email attachments – probably using 'information about the corona virus' as bait. The Trend Micro article here<\/a> deals with one case. The security researchers of Cynet have published this Netwalker ransomware<\/a> report with more information.  <\/p>\n

In this document<\/a>, the Austrian Federal Criminal Police Office (Bundeskriminalamt \u00d6sterreich) warns in a more general form against ransomware attacks on companies and authorities in Austria. At the moment hardly a week passes without new types of malware appearing in Austria. New encryption Trojans (ransomware) appearing in Austria make the data of the infected systems irretrievably unusable! Even if victims pay a ransom, there is no guarantee that the data can be recovered. In addition, ransomware groups start uploading files to their own servers before encrypting them. Then they threaten to publish the often sensitive data.  <\/p>\n

Netwalker ransom group reports infection<\/h2>\n

I just found the following tweet from Catalin Cimpanu. He got the information that the NetWalker ransomware gang claims to have successfully infected the public administration network of the Austrian city of Weiz.<\/p>\n

\n

The NetWalker ransomware gang claims to have infected the government network of Weiz, an Austrian town pic.twitter.com\/zp9RcILQCB<\/a><\/p>\n

\u2014 Catalin Cimpanu (@campuscodi) May 22, 2020<\/a><\/p><\/blockquote>\n