Ransomware attack shuts down Austria

NetWalker, a gang of cyber criminals operating ransomware attacks, launched a devastating attack that crippled some public systems in the small Austrian town of Weiz and leaked some data extracted from the applications that public offices use.

According to a cyber security report by Panda Security, hackers managed to penetrate the village’s public networks using phishing emails related to the health crisis.

The messages received by the attacked public servers were titled “CORONAVIRUS INFORMATION”, so Weiz employees did not hesitate to open the emails and their attachments, triggering the encryption malware infection.

Cybersecurity specialists mention that the attack was deployed using a relatively new ransomware variant, which is spread using VBScripts. If the attack succeeds, the malware spreads across the entire Windows network to which the infected device is connected. Experts added that the malware is able to terminate running Windows processes and services and then encrypt files in as many locations as possible, trying to encrypt backups as well.

Weiz is a very small village, located in the city of Oststeiermark and considered the economic center of the region. Prominent companies such as the automotive company Magna or the construction companies Strobl Construction and Lieb-Bau-Wiex have plants established in the city, so cyber security researchers consider that this is not an isolated event and that more attacks could occur in the near future.

Healthcare companies are among the main targets of ransomware operators, and NetWalker is no exception. Last March, Spanish media revealed that a massive ransomware attack compromised the networks of multiple hospitals; on that occasion, the hackers also launched phishing message attacks, which made it easy for them to deceive more than a dozen employees with no cybersecurity knowledge.

The authorities (such as the FBI) strongly advise ransomware victims not to pay the ransom, as sometimes hackers do not keep their part of the deal and the compromised information may be lost forever. The high costs of a cybersecurity incident recovery process have also forced multiple companies to negotiate with criminals, even though there are no guarantees that the encrypted information will be retrieved.