Update: I just caught up with Lawrence Abram’s excellent reporting on this topic. Abrams’ report gives a somewhat different impression than Forbes’ headline and report. Abrams reports that Netwalker ransomware is using COVID-19 in phishing emails that install the Netwalker ransomware, but from his reporting, it does not appear that Netwalker is specifically targeting the healthcare sector. Abrams reports:
Netwalker is a ransomware formerly called Mailto that has become active recently as it targets the enterprise and government agencies. Two widely reported attacks related to Netwalker are the ones on the Toll Group and the Champaign Urbana Public Health District (CHUPD) in Illinois.
Read more on BleepingComputer.
Davey Winder reports:
Cybercriminals, who truly deserve the epithet of cyberscum, are attacking healthcare targets with a new and dangerous Windows ransomware campaign.
At the start of March, I warned how a new Windows ransomware threat was hiding in plain sight. That threat was NetWalker, and it’s now being used by cybercrime groups, who truly deserve the epithet of cyberscum, as the payload of phishing attacks. Phishing attacks that are targeting those in the healthcare sector.
Read more on Forbes.
As a small part of his reporting, Davey notes how some threat actors agreed not to target healthcare entities at this time. For follow-up on that, see my post of yesterday: Liar, Liar, Pants on Fire? Did Maze Team go back on its word to leave medically related facilities alone?