Netwalker Ransomware Websites Taken By Authorities

The dark web websites of the Netwalker ransomware have been ‘seized’ by authorities from the US and Bulgaria. The websites in question now display a landing page, which states that they have been taken offline following a coordinated action against the ransomware.

The landing page states that the seizure was carried out by the US Department of Justice, the FBI, the Bulgarian Criminal Investigation Department and a Bulgarian anti-organized crime authority. “This hidden site has been seized by the Federal Bureau of Investigation as part of a concerted effort against NetWalker ransomware,” the webpage reads.

The seized sites include the Tor websites used for ransom payments and the websites where victims’ data is leaked when they refuse to pay, according to BleepingComputer. Authorities have not yet shared any official information about the action. It is therefore still unclear whether decryption keys, which could be used to decrypt victims’ data, were also seized during the action.

Netwalker has been operating as a ransomware-as-a-service since the end of 2019, a model in which criminals can purchase the ransomware from its creators and then distribute it themselves. The criminals returned about 25 to 40 percent of the ransom payments to the creators of the ransomware, according to BleepingComputer. McAfee released a report in August in which the company stated that Netwalker had amassed about $25 million in ransom payments in the first five months of the ransomware’s distribution.

The landing page on Netwalker websites. Image via BleepingComputer
