As detected by KNOW’s threat intel dashboard, Mailto Ransomware is the second most referenced malware of the last seven days.
Introduction to Mailto Ransomware
Also known as NetWalker, Mailto is a widely reported ransomware family. Once it has breached a system, Mailto encrypts the common file types on the machine and on any network shares it can reach, rendering them unusable. Encrypted files are renamed to carry the attacker's contact e-mail address and a file extension unique to the compromised victim. Like most modern ransomware, Mailto uses strong encryption, so the files cannot be recovered without the attacker's key. Short of restoring from backups, the only way to get them decrypted is to pay a hefty ransom, and the operators additionally threaten to publish stolen data if the victim does not pay.
Why is Mailto trending?
According to KNOW, Mailto is trending because of the recent Equinix hack.
Equinix is a massive data center and colocation provider with more than 50 locations worldwide. Its data centers are used by customers to colocate their own equipment or to interconnect with other ISPs and network providers. The threat actors have demanded a ransom of $4.5 million for a decryptor and left the following ransom message:
“LOOK AT THIS SCREENSHOT https://prnt.sc/[redacted]
IF YOU NOT CONTACT US WE WILL PUBLISH YOUR DATA TO PUBLIC ACCESS. YOU CAN TAKE A LOOK AT OUR BLOG [redacted]
YOU HAVE 3 DAYS TO CONTACT US OR WE WILL MAKE POST IN OUR BLOG, CONTACT ALL POSSIBLE NEWS SITES AND TELL THEM ABOUT DATA BREACH”
Industries affected by Mailto
According to KNOW, Mailto has affected the following industries:
References counted by KNOW
- Total references: 3,943
- References in the last 60 days: 1,974
- References in the last 7 days: 1,685
Context taken from KNOW
- Risk rules triggered: 4 out of 48
- Related Hashes: 2
- Vulnerabilities correlated with Mailto intrusions: CVE-2015-1701, CVE-2017-0213, CVE-2019-9081, CVE-2014-6287, CVE-2019-11510, CVE-2019-18935, CVE-2019-1458, and CVE-2020-0796.
What to do after getting hit by Mailto?
After getting hit by ransomware as devastating as Mailto, here is what you need to do:
- Disconnect shared network drives so the encryptor cannot reach more data, then check your servers to see how far the ransomware has spread. A good practice here is to look for files with unique or strange extensions, since Mailto renames everything it encrypts.
- Hunt down the first machine or user that reported the infection, aka patient zero. The earliest encrypted files point to where the infection started and to the other systems that host has contacted.
- Take all infected hosts and users off the network while you contain the damage. While they are isolated, determine the cause of the infection and warn the uninfected users on your network.
- Ransomware spreads very fast, so fast, decisive action is required: as soon as a user reports the threat, do whatever you can to neutralize it before it reaches further shares and hosts.
- Finally, look for a free decryption tool that matches the ransomware strain; the place to check is the No More Ransom project. If no decryptor exists, the only remaining option is to restore your files from a backup. Restore only after the infection has been eradicated, and keep a copy of the encrypted files in case a decryptor is released later.
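The first two steps above, measuring the spread by looking for strange extensions and locating patient zero, can be scripted against a file inventory collected from hosts and shares. The following is an added example written for this article, not code from Netenrich or from KNOW. It assumes an inventory of (host, path, last-modified time) tuples, an allowlist of extensions normal for the environment, and that Mailto-renamed files end in a `mailto[<e-mail>]` marker followed by a short per-victim extension; the exact suffix format and the sample inventory are constructed assumptions, so tune the regex to a file you actually observe.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Extensions the (hypothetical) environment normally holds. Anything else is
# reported as "unknown_ext" for analyst review; this list is an assumption.
KNOWN_EXTENSIONS = {
    "docx", "xlsx", "pptx", "pdf", "txt", "csv", "jpg", "png", "zip",
    "log", "exe", "dll", "ini", "xml", "json",
}

# Mailto/NetWalker appends "mailto[<attacker e-mail>]" plus a short per-victim
# extension to the original file name. The exact shape of that suffix is an
# assumption for this example; adjust the regex to the sample you actually see.
MAILTO_SUFFIX = re.compile(r"\.mailto\[[^\]]+\]\.[0-9a-z]{4,8}$", re.IGNORECASE)


def classify(path):
    """Return (verdict, extension); verdict is 'mailto', 'unknown_ext' or None."""
    name = re.split(r"[\\/]", path)[-1]          # works for Windows and UNC paths
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if MAILTO_SUFFIX.search(name):
        return "mailto", ext
    if ext and ext not in KNOWN_EXTENSIONS:
        return "unknown_ext", ext
    return None, ext


def triage(inventory):
    """inventory: iterable of (host, path, mtime as ISO-8601 string).

    Returns per-host encrypted/unknown counts with the earliest encryption
    time, the host ranked as likely patient zero (earliest encrypted file),
    and the per-victim extensions observed.
    """
    hosts = defaultdict(lambda: {"encrypted": 0, "unknown_ext": 0, "first_seen": None})
    victim_ext = Counter()
    for host, path, mtime in inventory:
        verdict, ext = classify(path)
        if verdict is None:
            continue
        rec = hosts[host]
        if verdict == "unknown_ext":
            rec["unknown_ext"] += 1          # worth a look, but not proof of encryption
            continue
        rec["encrypted"] += 1
        victim_ext[ext] += 1
        ts = datetime.fromisoformat(mtime)
        if rec["first_seen"] is None or ts < rec["first_seen"]:
            rec["first_seen"] = ts
    infected = {h: r for h, r in hosts.items() if r["encrypted"]}
    patient_zero = min(infected, key=lambda h: infected[h]["first_seen"]) if infected else None
    return {
        "hosts": dict(hosts),
        "patient_zero": patient_zero,
        "victim_extensions": dict(victim_ext),
    }


# Constructed sample inventory (not real data): host, path, last-modified time.
SAMPLE_INVENTORY = [
    ("WS-042", r"C:\Users\jdoe\Documents\budget.xlsx.mailto[attacker@example.com].a1b2c", "2020-09-09T03:12:44"),
    ("WS-042", r"C:\Users\jdoe\Desktop\notes.txt.mailto[attacker@example.com].a1b2c", "2020-09-09T03:13:01"),
    ("FS01", r"\\FS01\finance\q3.docx.mailto[attacker@example.com].a1b2c", "2020-09-09T03:20:17"),
    ("FS01", r"\\FS01\finance\q3.pdf.mailto[attacker@example.com].a1b2c", "2020-09-09T03:20:18"),
    ("FS01", r"\\FS01\finance\readme.txt", "2020-08-01T09:00:00"),
    ("WS-017", r"C:\Users\asmith\Documents\plan.docx", "2020-09-08T17:45:00"),
    ("WS-017", r"C:\Users\asmith\Documents\plan.bak", "2020-09-08T17:45:00"),
]

if __name__ == "__main__":
    result = triage(SAMPLE_INVENTORY)
    print("likely patient zero:", result["patient_zero"])
    print("per-victim extensions:", result["victim_extensions"])
    for host, rec in sorted(result["hosts"].items()):
        print(host, rec)
```

On the sample data the workstation WS-042 has the earliest encrypted files, so it is ranked as patient zero even though the file server holds as many encrypted files; `plan.bak` on WS-017 is flagged only as an unknown extension, which is the kind of benign hit an analyst reviews and adds to the allowlist. Modification times from NTFS or SMB can be skewed by clock drift, so treat the ranking as a lead to confirm against logs, not as a verdict.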
Thoughts from the Twitter-verse
Netwalker Ransomware Operators Want $4.5 Million from Data Center Giant Equinix.
World’s Largest Data Center provider Hit by Netwalker Ransomware.
Netenrich Threat and Attack Surface Intelligence
KNOW is Netenrich’s Threat Intel Platform. It extracts data from billions of data points and correlates relevant intel with expert analyst insights to help you follow, search, and act—in a fraction of the time it takes now. If you want to know more about KNOW, read this.
However, Netenrich’s offering isn’t just limited to threat intelligence. We offer a powerful combination of threat and attack surface intelligence. This combo helps SecOps to:
- Find hidden risks to your brand on the public Internet
- Stay informed about threats in minutes versus hours
- Act on the most critical threats first
- Reduce effort and alert fatigue
- Measure and demonstrate value
If you want to know more about Netenrich’s Attack Surface Intelligence (ASI), click here.