Security News > 2021 > May > N3TW0RM ransomware emerges in wave of cyberattacks in Israel
A new ransomware gang known as 'N3TW0RM' is targeting Israeli companies in a wave of cyberattacks starting last week.
Like other ransomware gangs, N3TW0RM has created a data leak site where they threaten to leak stolen files as a way to scare their victims into paying a ransom.
Two of the Israeli businesses, H&M Israel and Veritas Logistic's networks, have already been listed on the ransomware gang's data leak, with the threat actors already leaking data allegedly stolen during the attack on Veritas.
From the ransom notes seen by Israeli media and BleepingComputer, the ransomware gang has not been asking for particularly large ransom demands compared to other enterprise-targeting attacks.
A WhatsApp message shared among Israeli cybesrecurity researchers also states that the N3TW0RM ransomware shares some characteristics with the Pay2Key attacks conducted in November 2020 and February 2021.
N3TW0RM does it a bit differently by using a client-server model instead. From samples [VirusTotal] of the ransomware seen by BleepingComputer and discussions with Nachmias, the N3TW0RM threat actors install a program on a victim's server that will listen for connections from the workstations.