On January 27, 2021, a seizure notice was released against the NetWalker ransomware gang, and all the NetWalker websites were seized. NetWalker is a Ransomware-as-a-Service (RaaS) operation: its operators rent the malware and surrounding services to affiliates, who carry out the actual attacks in return for a 60-75% share of ransom payments. NetWalker first became active in 2019 and has since impacted numerous types of victims. In 2020, amid the COVID-19 pandemic, it made healthcare targets a particular focus, and it has allegedly extorted $27.6 million from ransomware victims, mostly in the healthcare sector.
The seizure notice indicates that the takedown was conducted by the US DOJ, the FBI, the Bulgarian National Investigation Service, and Bulgaria’s General Directorate Combating Organized Crime. The notice reads: “The action has been taken in coordination with the United States Attorney’s Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice, with substantial assistance from the Bulgarian National Investigation Service and General Directorate Combating Organized Crime.”
It is not known whether law enforcement was able to retrieve the decryption keys from the ransomware operators. Getting access to these keys would be a big achievement, as several victims would be able to recover their files for free.