The website for a public health department in Illinois went down after the agency suffered a NetWalker ransomware attack. According to local media reports, officials at the Champaign-Urbana Public Health District (C-UPHD) became aware of the ransomware attack on March 10 when the department's website went down. It took the agency, which serves 210,000 people in central Illinois, just a few hours to determine that malicious actors had targeted C-UPHD with NetWalker.

Otherwise known as Mailto, NetWalker attracted the attention of Bleeping Computer in February 2020 after the computer self-help site learned from its sources that the threat was specifically targeting entire networks and encrypting all of the Windows devices connected to them. NetWalker then demanded large ransom amounts from its victims in exchange for helping them recover their networks.
The Mailto/NetWalker ransom note. (Source: Bleeping Computer)

After detecting the ransomware, C-UPHD notified the FBI and the Department of Homeland Security about the attack. It also began working with a consulting firm to investigate what had happened and to restore the availability of its website. The department's website was back online as of this writing.

The restoration of C-UPHD's website couldn't come soon enough in light of the ongoing COVID-19 pandemic. On March 13, NBC Chicago reported the emergence of seven new confirmed cases of the virus. These instances brought Illinois' total number of coronavirus cases to 32.

Administrator Julie Pryde said it's been C-UPHD's goal to continue to provide the public with updates about COVID-19 despite the attack by using its Facebook page and local media outlets.

“The public needs to know it’s being taken care of, and we’re still functioning,” she said. “There are few companies that must always operate. Public health districts in the midst of a pandemic is one of them.”

In addition to illuminating digital criminals' gross apathy for public safety in times of crisis, the above attack underscores their ongoing efforts to target organizations with ransomware. Organizations should therefore use this resource to prevent a ransomware infection in the first place.