Netwalker Ransomware

Netwalker ransomware is among the big ransomware groups, together with REvil Sodinokibi, LockBit. 2.0 and Conti. The group has specialized in attacks on large corporations.

The ransomware was created by the hacker group Circus Spider, which in turn is part of an even larger group, Mummy Spider. This structure shows that ransomware attacks have become a highly profitable business, attracting even more “collaborators”.

Netwalker uses tática RaaS (Ransomware as a Service) tactics a large portion of ransomware groups have used to expand their field of operation. But there are some prerequisites to be a Netwalker affiliate, such as: Networking experience; Russian speaking (specifically, they do not accept English speakers); They will not train inexperienced users; Consistent access to quality targets; Proof of experience.

In addition to RaaS tactics, the group applies double extortion tactics, this tactic goes beyond data encryption. After breaking into the victim’s system, the malware copies the files and sends them to a remote server and after that encrypts the original files.

The stolen files are used to extort and blackmail the victim, the names of the attacked companies are posted on the group’s website with a countdown. If the victim does not pay the ransom, the group threatens to delete the decryption key and release the stolen files.

But even if the victim makes the payment, there is no real guarantee that the group will send the decryption keys  or that they will not release the stolen files.

Diante disso, é necessário que a vítima procure outros meios para recuperar os arquivos, e a Digital Recovery oferece soluções exclusivas para descriptografar ransomware.

Recover files encrypted by Netwalker ransomware

Digital Recovery has been operating in the data recovery market for over 23 years, with the increase in ransomware attacks, we specialize in the recovery of encrypted files.

We can recover data encrypted by ransomware in databases, storages, virtual machines, servers, RAID systems and others.

We have developed exclusive solutions that can be applied remotely in a totally secure environment without any external interference. All solutions were developed based on the General Data Protection Regulation (GDPR).

At the end of the process the client can check the integrity of all recovered files, only after this validation that the payment is made.

All information about the processes are confidential and will be protected by the confidentiality agreement (NDA).

We can start the recovery right now. Contact one of our specialists.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Recuperar memoria flash

What is Flash Memory?

Since its invention in the 1980s, Flash memory has revolutionised digital data storage. Essential for mobile devices, digital cameras, storage units and more, it combines

READ MORE →

Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.

Discover the invisible vulnerabilities in your IT – with the 4D Pentest from Digital Recovery