NetWalker, a malware team, has launched a ransomware attack against the Austrian village of Weiz, as this attack affected the public service system and leaked some of the stolen data from building applications and inspections.
However, the subject of the emails “information about the coronavirus” was used to bait employees of Weiz’s public infrastructure into clicking on malicious links, triggering the ransomware.
According to Panda Security, the attack belongs to a relatively new version of a ransomware family, which spreads using VBScripts.
Panda Security unveiled a targeted ransomware attack against the public services infrastructure of a small village in Austria https://t.co/fSQCeaG7vM — Cointelegraph (@Cointelegraph) May 31, 2020
It has been analyzed that if the infection is successful, it spreads throughout the entire Windows network to which the infected machine is connected.
The report states that the ransomware terminates processes and services under Windows, encrypts files on all available disks, and eliminates backups.
As Weiz is a small village, which is considered to be the economic center of the Oststeiermark region (located a few kilometers from the city of Graz), it is also the place where several big companies, like automaker Magna and construction companies Strobl Construction and Lieb-Bau-Weiz have established their production plants.
This may indicate that the attack was not random, but instead directed to a specific objective.
Recently, NetWalker Group has authored several attacks targeting the healthcare sector across the globe.
Thus, on March 25, an attack was perpetrated against hospitals in Spain, which also used phishing e-mails to deploy ransomware to targeted systems.