Security News > 2024 > February > Alpha ransomware linked to NetWalker operation dismantled in 2021

Alpha ransomware linked to NetWalker operation dismantled in 2021
2024-02-16 16:07

Security researchers analyzing the Alpha ransomware payload and modus operandi discovered overlaps with the now-defunct Netwalker ransomware operation.

The Alpha ransomware operation emerged in February 2023 but kept a low profile, didn't promote on hacker forums, nor did its operators carry out many attacks.

A new report published today by Symantec's threat analysts links Alpha to the defunct Netwalker ransomware, based on tools and tactics, techniques, and procedures used in attacks.

Both Netwalker and Alpha ransomware use a similar PowerShell-based loader to deliver their payloads.

The above similarities indicate a strong link between NetWalker and Alpha's developers, which could either mean a revival of NetWalker under the Alpha brand or that its code is being reused by a new threat group.

Symantec notes that a new attacker could have acquired the NetWalker payload and adapted it for their ransomware operation.


News URL

https://www.bleepingcomputer.com/news/security/alpha-ransomware-linked-to-netwalker-operation-dismantled-in-2021/