Cybercriminals linked to the NetWalker ransomware have reappeared under the new name “Alpha.” Since February 2023, Alpha has been operating quietly, but recent weeks have seen a significant increase in its activities.

The attackers behind Alpha have been using various living-off-the-land tools in their cyberattacks. Among the tools employed are Taskkill, PsExec, Net.exe, and Reg.exe, all of which are commonly used by cybercriminals to carry out malicious activities.

NetWalker, the precursor to Alpha, was known for its targeted ransomware attacks, which involved encrypting entire networks to extort money. Despite previous law enforcement interventions and a period of inactivity, Alpha’s emergence suggests a potential connection to the original NetWalker ransomware. Security experts speculate that Alpha may be a resurrection of the NetWalker operation by its original developers or that the attackers behind Alpha have acquired and repurposed the NetWalker payload for their new ransomware operation.

Symantec, a leading cybersecurity company, has issued protection updates for defending against Alpha. Additionally, Symantec Endpoint products are equipped to detect and block malicious indicators of compromise related to Alpha’s ransomware operations.

The re-emergence of cybercriminals associated with the notorious NetWalker ransomware as Alpha highlights the evolving nature of cyber threats and the importance of proactively safeguarding against such attacks.


Full Stack Developer

About the Author

I’m passionate about web development and design in all its forms, helping small businesses build and improve their online presence. I spend a lot of time learning new techniques and actively helping other people learn web development through a variety of help groups and writing tutorials for my blog about advancements in web design and development.

View Articles