Netwalker Ransomware

Netwalker ransomware is among the big ransomware groups, together with REvil Sodinokibi, LockBit. 2.0 and Conti. The group has specialized in attacks on large corporations.

The ransomware was created by the hacker group Circus Spider, which in turn is part of an even larger group, Mummy Spider. This structure shows that ransomware attacks have become a highly profitable business, attracting even more “collaborators”.

Netwalker uses tática RaaS (Ransomware as a Service) tactics a large portion of ransomware groups have used to expand their field of operation. But there are some prerequisites to be a Netwalker affiliate, such as: Networking experience; Russian speaking (specifically, they do not accept English speakers); They will not train inexperienced users; Consistent access to quality targets; Proof of experience.

In addition to RaaS tactics, the group applies double extortion tactics, this tactic goes beyond data encryption. After breaking into the victim’s system, the malware copies the files and sends them to a remote server and after that encrypts the original files.

The stolen files are used to extort and blackmail the victim, the names of the attacked companies are posted on the group’s website with a countdown. If the victim does not pay the ransom, the group threatens to delete the decryption key and release the stolen files.

But even if the victim makes the payment, there is no real guarantee that the group will send the decryption keys  or that they will not release the stolen files.

In light of this, it is necessary for the victim to look for other means to recover the files, and Digital Recovery offers unique solutions to recover files encrypted by ransomware.

Recover files encrypted by Netwalker ransomware

Digital Recovery has been operating in the data recovery market for over 23 years, with the increase in ransomware attacks, we specialize in the recovery of encrypted files.

We can recover data encrypted by ransomware in databases, storages, virtual machines, servers, RAID systems and others.

We have developed exclusive solutions that can be applied remotely in a totally secure environment without any external interference. All solutions were developed based on the General Data Protection Regulation (GDPR).

At the end of the process the client can check the integrity of all recovered files, only after this validation that the payment is made.

All information about the processes are confidential and will be protected by the confidentiality agreement (NDA).

We can start the recovery right now. Contact one of our specialists.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Ransomware AtomSilo

AtomSilo Ransomware

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.