A few weeks ago, a hospital in a small region of Spain was the victim of a cybersecurity incident that disabled a part of its IT infrastructure. According to specialists in a malware analysis course, this was the first cyberattack affecting a Spanish hospital, at least until now.
Similar reports have appeared over the past few days, raising alarms among the authorities. Finally, the Deputy Director of the National Police revealed the identification of NetWalker, a new variant of ransomware capable of completely disabling the entire computer infrastructure of thousands of Spanish hospitals.
Authorities issued this alert just a few hours ago, recommending that staff working in these institutions be careful with any possibly malicious email or website, as it takes only a matter of seconds for malware to infiltrate an affected system, as mentioned by the malware analysis course specialists.
In addition, a report from security firm Kaspersky mentions that this is a new version of a ransomware variant known as Kokoklock, in addition to the Mailto malware.
According to the report, threat actors employ a simple social engineering campaign to engage victims with a malicious link, attachment, or website.
On the other hand, the Spanish authorities, in collaboration with instructors from a malware analysis course, stated that the main attack vector in this country is email with malicious files attached, noting that most antivirus tools cannot identify the threat until it is too late.
As if that were not enough, this threat has already spread beyond the borders of the European country. Several health institutions in Illinois have reported cases of NetWalker infection, making it difficult to combat the global coronavirus/COVID-19 outbreak.
After completing the infection of the target system, the malware displays a ransom note demanding payment of an undisclosed sum. According to the International Institute of Cyber Security (IICS), it is not advisable to negotiate a payment with hackers, as there is no guarantee that threat actors will keep their part of the deal, so user information could be
In addition, due to their low cost and low complexity, ransomware infection campaigns remain one of the main cybersecurity risks for users in general, so it is recommended to take precautions, such as implementing email filters and backing up files.