According to the report, the operators of NetWalker have collected over $25 million from ransom payments since March 2020.
Such a maneuver implies that it has generated such a huge amount of money thanks to the affiliate revenue sharing it offers to other operators, McAfee states.
Strengthening its capabilities
McAfee notes that NetWalker operators have moved away from using legacy Bitcoin addresses to SegWit addresses, due to its faster transaction times and lower costs, suggesting a sophistication in their modus operandi after becoming a ransomware-as-a-service model.
On March 20, at least two darknet forums saw posts related to the NetWalker actors offering the ransomware with a revenue-sharing scheme to help spread the malware and make it much as profitable as possible.
Brett Callow, threat analyst at malware lab Emsisoft, said:
“NetWalker is a big game hunter and responsible for numerous attacks on larger public sector organizations as well as private sector companies. Working out the amount ransomware groups make is exceptionally difficult and, as McAfee states, the figure of $25 million is almost certainly an underestimate. Globally, companies paid more than $25 billion in ransom demands in 2019.”
The study adds that most of the NetWalker’s targets were based in western European countries and in the United States. The group had previously announced that they won’t target hospitals due to the COVID-19 pandemic, although there have been reports to the contrary.