Malware team, NetWalker, launched a ransomware attack against the Austrian village of Weiz. This attack affected the public service system and leaked some of the stolen data from building applications and inspections.
According to the cybersecurity firm, Panda Security, hackers managed to penetrate the village’s public network through phishing emails related to the COVID-19 crisis.
COVID-19 as bait to deploy the ransomware
The subject of the emails — “information about the coronavirus,” — was used to bait employees of Weiz’s public infrastructure into clicking on malicious links, thus triggering the ransomware.
Panda Security claims that the attack belongs to a relatively new version of a ransomware family, which spreads using VBScripts. If the infection is successful, it spreads throughout the entire Windows network to which the infected machine is connected.
The report details that the ransomware terminates processes and services under Windows, encrypts files on all available disks, and eliminates backups.
Location of various big companies in Austria
Weiz is a small village that is considered the economic center of the Oststeiermark region, located a few kilometers from the city of Graz.
It is also the place where several big companies, like automaker Magna and construction companies Strobl Construction and Lieb-Bau-Weiz, have established their production plants. This may indicate that the attack was not random, but instead directed to a specific objective.
Netwalker Group recently authored several attacks targeting the healthcare sector across the globe.
Cointelegraph Spanish reported an attack on March 25 which wasperpetrated against hospitals in Spain. This attack also used phishing emails to deploy ransomware to targeted systems.