According to research by Advanced Intelligence, LLC, the Netwalker ransomware group is shifting focus away from infecting targets through spam. Instead, the group has begun to adopt a Ransomware-as-a-Service (RaaS) model targeting larger networks with exclusive affiliates for splitting up the work. Forum posts by the group have indicated that they are looking for specialists in network intrusions, privilege escalation and network reconnaissance to join their affiliate network. To sweeten the deal, the group is even offering up to 80% of payments to the affiliates, leaving 20% for itself. This deal is likely to be seen as a very attractive one compared to the 40/60 or 30/70 splits offered by other RaaS operators. To go even further, the group will allow 84% if the previous week’s earnings go beyond $300K. NetWalker has also started exfiltrating data from victims to post on its blog, continuing the worrying trend of extorting ransomware victims for even more money.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in