Traces of defunct Netwalker ransomware emerge in Alpha ransomware

One year after its emergence in the threat landscape, Alpha ransomware has been discovered to resemble the Netwalker ransomware-as-a-service operation that was dismantled in January 2021, BleepingComputer reports.

Aside from leveraging a similar PowerShell-based malware loader, both Alpha and Netwalker have comparable payload coding, file configurations, system API calls, and self-deletion capabilities, as well as the same payment portal message, according to a Symantec report. Significant overlaps between the two ransomware operations indicate that Alpha may be a revival of Netwalker or that a new threat group has obtained Netwalker's code for its operations. The findings come weeks after Netenrich researchers noted the increasing sophistication of Alpha ransomware, reporting that the latest iteration of the ransomware has been marking encrypted files with a random eight-character alphanumeric extension and establishing communications through a messaging service. Organizations impacted by Alpha ransomware have faced ransom demands ranging from over $13,000 to $100,000 worth of Bitcoin, said Netenrich.
