The ransomware called Ryuk has established ransomware as a lucrative enterprise product. This sentence may sound provocative, as it treats cybercriminals like businesspeople, but this is what Ryuk is about — making money. This strain of ransomware is estimated by CrowdStrike to have made the gang behind it over $3.7 million USD since its entry into the wild in August 2018.
Ryuk and its ransomware compatriots don’t just result in lost money and encrypted files. They also have a personal cost. Lake City, Florida, was a recent victim of the Ryuk ransomware, and the city ended up paying the $460,000 ransom. The IT Director of Lake City, Brian Hawkins, was sacked as part of the fallout from the attack — even though he had done everything in his power to prevent the infection.
So who is behind Ryuk, how does it work and how can it be stopped?
Who is behind Ryuk?
According to an FBI notification, Ryuk ransomware has been found in over 100 international government and enterprise institutions. The cybercriminals behind Ryuk are following the money as they choose targets likely to have high revenues and high profiles, the hope being that they will pay up to keep the business running.
The hacking group behind Ryuk is believed to be the aptly named GRIM SPIDER. This attribution comes from CrowdStrike, which identifies GRIM SPIDER as a cell of the larger Russian group WIZARD SPIDER. That latter group is also behind the Trojan TrickBot which, as we will see, is intrinsically linked to some Ryuk infections.
The trick in the tail
Ryuk is a tricky proposition. It uses cybercrime’s favorite technique: stealth. It can lurk in the target network for months, even up to a year according to an analysis by CrowdStrike. To do (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/dD2uIUtfZMs/