Netwalker goes after College of the Nurses of Ontario Data

October 3, 2020
College of the Nurses of Ontario netwalker ransomware malware trojan

The latest news in the cyber community talks about the College of the Nurses of Ontario (CNO), was added to the piling up roster of victims by cybercriminals Netwalker. Also known as ‘Mailto,’ this cybercriminal has been busy doing its devious act that mostly targets prominent businesses, academic groups, and health institutions. Based on the research, the group was unraveled in September 2019, they have ensured that the cybersecurity experts will notice them. Speculation arose that the group may have been originated from Russia as these adversaries were traced to have their infrastructure based in Russia as well us their notation to remove Russia from the target.

The group was currently tagged as ransomware-as-a-service (RAAS). They were noticeably recruiting other cybercriminals to be their affiliate in exchange for their ransomware software, gaining percentage profit from the extortion money they may receive from the victim. They usually offered it to other adversaries that have already access to the network for a lethal and aggravating threat to the victim. Unlike another ransomware group, they were more aggressive as their risk includes posting exfiltrated data to the dark web to be monetized if blood money will not be given.

Federal Bureau of Investigation (FBI) had already released their warning about the group and possibilities of attack. The group has used the current pandemic situation to lure or bait their victim based on multiple ransomware. They included the most relevant news about Covid-19 and have an attachment embedded with their ransomware application. Once the malware has been installed, they can now encrypt their data to ask for the blood money.

However, reports received in the community confirmed that few already have been victimized, whereas CNO has been the latest.

Ontario Nurses Association (ONA), the president, expressed her disappointment powerfully as she did not have an idea of CNO’s current crisis.  Another concern is that the data are essential. If fallen to the wrong hands, it will create a great disaster as the paperwork, includes the nurses’ personal identification, is compromised.


On their official report, College of the Nurses of Ontario confirmed that there has been an attack. However, they did not specify the nature of the attack.


This results in service interruption, including Find a Nurse, Renewal, and membership application for new/old students. The company is hosting almost 2000 employees categorized as Registered Nursed, registered practical nurses, and nurse practitioners. Netwalker confirmed that they have infected the Human Resource Department. Moreover, after the issue has been discovered, College of the Nurses of Ontario reassured them that they have been in contact with many security experts to help for the restitution and immediately perform the mitigation plan and further dig deep into discovering these perpetrators.

For reminders, we must ensure that we always have an offline backup of the company’s important data, robust password management, up-to-date installed application, and, more importantly, be aware of the latest information about hacking incidents steps to avoid or mitigate its damage.

About the author

Leave a Reply