Ransomware
Traces of defunct Netwalker ransomware emerge in Alpha ransomware
One year after its emergence in the threat landscape, Alpha ransomware has been discovered to resemble the Netwalker ransomware-as-a-service operation that was dismantled in January 2021, BleepingComputer reports.
Aside from leveraging a similar PowerShell-based malware loader, both Alpha and Netwalker have comparable payload coding, file configurations, system API calling, and self-deletion capabilities, as well as the same payment portal message, according to a Symantec report. Significant overlaps between the two ransomware gangs indicate that Alpha may be a revival of Netwalker or that a new threat group has obtained Netwalker's code for its operations. Such findings come weeks after the increasing sophistication of Alpha ransomware was noted by Netenrich researchers, who reported that the latest iteration of the ransomware has been marking encrypted files with a random eight-character alphanumeric extension and establishing communications through a messaging service. Organizations impacted by Alpha ransomware have faced ransom demands ranging from over $13,000 to $100,000 worth of Bitcoin, said Netenrich.