netwalker

1 incident, 1 country, 1 sector; ransomware; RU; Latest: 2026-06-25
Aliases: KoKo, Mailto, Circus Spider, Koko, Kazakavkovkiz
Netwalker is a Ransomware-as-a-Service (RaaS) operation that emerged in August 2019, initially known as Mailto, and gained significant prominence by March 2020 following its shift to an affiliate-based model. Operated by a Russian-speaking cybercrime group known as Circus Spider, Netwalker's primary motivation was financial gain through large ransom payments. This group notably enforced a rule prohibiting attacks against organizations within Russia and the Commonwealth of Independent States. It distinguished itself by aggressively leveraging the COVID-19 pandemic, specifically targeting healthcare and educational institutions with themed phishing campaigns, and by implementing a highly profitable RaaS model where affiliates received up to 80-84% of ransom payouts. The group's core operations were largely disrupted in January 2021 following a coordinated international law enforcement action.
Associated malware
Netwalker
MITRE techniques
T1106, T1059, T1036, T1486, T1027, T1071.001

RansomLook pivots

Data, intelligence and external references for cross-checking the actor's ransomware activity.

Victims: 0
Unique TTPs: 0
Historical stolen data: N/A
Ransoms claimed: N/A
Payments detected: N/A

Affected countries

United States (1)

Target countries (SOCRadar)

Antigua and Barbuda, Argentina, Austria, Australia, Canada, Czech Republic, Germany, Spain, France, United Kingdom

Attacked sectors

Healthcare (1)

Target sectors (SOCRadar)

Construction of Buildings; Hospitals; Enterprises & Holding; Accommodation; Manufacturing; Construction; Electrical Equipment, Appliance, and Component Manufacturing; Public Administration; Oil & Gas; Educational Services

New URLs detected in IntelTracker

ransomware.anggipradana.com