The millionaire profits put NetWalker as one of the most profitable pieces of ransomware during 2020.
Cybersecurity firm McAfee released a study showing the activities of NetWalker, a ransomware first known as Mailto that was initially discovered in August 2019.
According to the report, the operators of NetWalker have collected over $25 million from ransom payments since March 2020.
From March 1 to July 27, the group collected around 2,795 Bitcoin (BTC), purportedly making it one of the most profitable types of ransomware for cybercriminals.
According to the report, the Bitcoin transactions received by the gang — where the amount is split among several different addresses — reflects that NetWalker is a "ransomware-as-a-service" malware.
Such a maneuver implies that it has generated such a huge amount of money thanks to the affiliate revenue sharing it offers to other operators, McAfee states.
Strengthening its capabilities
McAfee notes that NetWalker operators have moved away from using legacy Bitcoin addresses to SegWit addresses, due to its faster transaction times and lower costs, suggesting a sophistication in their modus operandi after becoming a ransomware-as-a-service model.
On March 20, at least two darknet forums saw posts related to the NetWalker actors offering the ransomware with a revenue-sharing scheme to help spread the malware and make it much as profitable as possible.
Speaking to Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft, said:
"NetWalker is a big game hunter and responsible for numerous attacks on larger public sector organizations as well as private sector companies.