The resurgent Ryuk ransomware has developed a new skill: a worm-like capability to encrypt entire networks. The latest version of Ryuk can hop from system to system within a compromised network. The ransomware was first detected in 2018, according to France's national cybersecurity agency, ANSSI. ANSSI states that Ryuk is a variant of the Hermes 2.1 ransomware. ANSSI discovered the ransomware's new trick while responding to an incident in early 2021.
Read the complete ANSSI report here.
Ryuk has become one of the more lucrative ransomware programs and is regularly updated and maintained. Earlier this week Universal Health Services (UHS), a Fortune 500 hospital operator, confirmed that it was hit by the Ryuk ransomware in September 2020, which led to an approximate loss of 67 million US dollars. The healthcare provider employs over 90,000 people and serves more than 3.5 million patients every year. Nevertheless, it managed to restore its most affected hospital operations systems and other systems towards the end of October, thanks either to a brilliant team of specialists or to very thorough backups.
In October 2020, the US government warned of Ryuk ransomware attacks aimed specifically at the healthcare industry, including healthcare providers and hospitals.
How is Ryuk ransomware distributed?
Ryuk cannot breach a network on its own; it has to be placed manually or delivered by an initial payload. Ryuk consists of a dropper that writes one of the two versions of its data encryption module to the victim's system. The dropper then executes the payload. After a short idle period, the ransomware attempts to halt over 180 services and 40 processes, particularly those related to antivirus software, backups, and production databases.
Ryuk's deployment, execution methods, techniques, and procedures may vary across incidents. In more recent attacks, Ryuk is believed to be distributed through malware such as TrickBot and/or the Emotet botnet. Each attack is tailored to its target, which makes removal harder and recovery slower.
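The mass service-stopping behaviour described above leaves a trace that defenders can look for: on Windows, every service stop is logged by the Service Control Manager as System log Event ID 7036. The script below is an added example, not from the original post or from ANSSI; it scans constructed log lines and flags any 60-second window with an unusual number of stops. The threshold is an assumption to tune per environment.

```python
"""Detect bursts of Windows service stops (added example, not from the post).

Each Event ID 7036 line reads "The <name> service entered the <state> state."
A burst of 'stopped' events within a short window, especially for antivirus,
backup and database services, is the kind of pattern the article describes.
"""
from collections import deque
from datetime import datetime, timedelta
import re

# Constructed sample lines in the form "<timestamp> <event id> <message>".
SAMPLE_LOG = """\
2021-02-25T09:00:01 7036 The Print Spooler service entered the stopped state.
2021-02-25T09:14:30 7036 The Windows Update service entered the running state.
2021-02-25T09:15:00 7036 The Windows Defender Antivirus Service service entered the stopped state.
2021-02-25T09:15:02 7036 The Volume Shadow Copy service entered the stopped state.
2021-02-25T09:15:03 7036 The SQL Server (MSSQLSERVER) service entered the stopped state.
2021-02-25T09:15:05 7036 The Veeam Backup Service service entered the stopped state.
2021-02-25T09:15:06 7036 The Windows Backup service entered the stopped state.
"""

LINE_RE = re.compile(r"^(\S+) (\d+) The (.+?) service entered the (\w+) state\.$")


def parse_stops(text):
    """Yield (timestamp, service name) for every 7036 'stopped' event."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(2) == "7036" and m.group(4) == "stopped":
            yield datetime.fromisoformat(m.group(1)), m.group(3)


def find_stop_bursts(text, threshold=5, window=timedelta(seconds=60)):
    """Return (window start, [services]) for each window with >= threshold stops.

    threshold=5 is an assumed value; real hosts rarely stop that many
    services within a minute outside of reboots and patch cycles.
    """
    recent = deque()  # sliding window of (timestamp, service), oldest first
    alerts = []
    for ts, svc in parse_stops(text):
        recent.append((ts, svc))
        while recent and ts - recent[0][0] > window:
            recent.popleft()  # drop events older than the window
        if len(recent) >= threshold:
            alerts.append((recent[0][0], [s for _, s in recent]))
            recent.clear()  # avoid re-alerting on the same burst
    return alerts
```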
One key step an organization can take to protect itself against such attacks is to apply the latest security updates across all devices on the network as soon as they are available. In addition, regular backups are a must, stored off-site, so that a self-propagating ransomware attack like this one cannot reach them. The network and data can then be recovered without paying the ransom.