Ryuk Ransomware is a Growing Threat

With the COVID-19 pandemic continuing to have profound effects around the world, many people have become overly reliant on digital networks. Although reliance on digital networks and devices was already growing rapidly before COVID-19, the pandemic has accelerated the switch to entirely digital networks. Many employees are now working remotely and need to access a network, meaning there are many more devices with network connectivity. When employees access a company’s network from home, they lack the security measures that massive companies have in place to deter digital threats. As a result, ransomware and IoT malware attacks have greatly risen, increasing by 40% and 30% respectively, according to Help Net Security. Ransomware families such as Ryuk are becoming responsible for about a third of all ransomware attacks. So why is this particular type of cyber attack so effective, and what can be done to help protect yourself?

What Is Ryuk Ransomware?

Ransomware is a type of malware that locks away files or access to systems during an attack. Once important files or systems are locked by the cyber threat, hackers demand a ransom to restore access. Keeping these files hostage can be quite lucrative for the hacker, as they can often charge thousands of dollars in ransom money. Ryuk is a special family of ransomware, sophisticated enough to identify and encrypt important network files. Ryuk ransomware also has the special ability to disable Windows System Restore and limit the ability of a company to regain access to the ransomed data. As a result, Ryuk ransomware almost always forces its target to pay the ransom fee.

Who Created Ryuk?

The current form of Ryuk ransomware first appeared in late 2018, but the malware has earlier origins than that. Ryuk gets its inspiration from an older malware named Hermes, used by the famous cybercriminal group Lazarus. It is widely believed that a small Russian cybercriminal group known as CryptoTech was responsible for Ryuk’s creation.

A Ryuk ransomware attack is usually preceded by a much more common and easily identifiable attack such as TrickBot. Many companies identify these malware threats and treat them as isolated incidents, not realizing that they are a precursor to a Ryuk ransomware attack. The TrickBot trojan can install a reverse shell for the Ryuk attackers, allowing remote access to files and systems. The attackers can then gain administrative credentials and encrypt important files and data to start the ransom process.

Who Does Ryuk Target?

Due to the Ryuk family’s effectiveness, most of the targets that Ryuk attackers focus on are larger companies. These companies have extremely valuable data and possess the capital to meet steep ransom demands. Ryuk attackers therefore engage in a practice known as “Big Game Hunting”, where they deliberately target large companies. These companies need access to their data to operate, forcing them to pay large sums in ransom fees. As a result, Ryuk attackers are extremely effective at their scheme, generating over $61 million in just over one year.

Typical targets of Ryuk attackers include Universal Health Services (UHS) Hospitals, large newspaper companies, and big IT companies. UHS hospitals had to completely shut down systems across the U.S. temporarily to cope with an attack. With such a large and sophisticated organization falling prey to a Ryuk ransomware attack, every large company should be taking extra steps and precautions to protect itself from this cyberthreat.

What Are the Steps to Mitigate Ryuk Ransomware?

Because Ryuk can do massive damage to a company’s data and result in thousands of dollars in ransom payments, containing the threat is critical. One of the best ways to protect against Ryuk ransomware attacks is by ensuring that your cybersecurity measures are working properly and up to date. Many of the organizations that have fallen victim to Ryuk attacks have some aspects of their cybersecurity intentionally disabled. Many companies do this with the notion that firewalls and other parts of cybersecurity can slow down performance and lower efficiency. Regardless of how tempting the prospect of improved performance is, you should always ensure that your cybersecurity systems are fully operational.

Your cybersecurity personnel should always conduct a thorough investigation into any type of malware that is spotted. It’s easy to fall into the trap of thinking you have taken care of a malware threat, but not everything is as it seems. A typical threat like TrickBot may be identified and easily exterminated, but these common threats can sometimes be precursors to more serious attacks like Ryuk ransomware. If you simply believe that the threat was identified and dealt with, then you may be missing a potentially disastrous attack on your company’s network.
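One way to put this into practice is a triage rule that never closes a precursor detection just because the antivirus reports it as cleaned. The sketch below is an added example, not part of the original article or any product: the event schema, host names, event type names and the 14-day window are all constructed assumptions, and the follow-on behaviours are the ones this article attributes to the Ryuk stage (administrative credential use and disabling Windows System Restore).

```python
from datetime import datetime, timedelta

# Families the article names as precursors to Ryuk; extend from your own threat intel.
PRECURSOR_FAMILIES = {"trickbot"}
# Follow-on behaviours described in the article (constructed event type names).
FOLLOW_ON = {"admin_logon", "system_restore_disabled"}
WINDOW = timedelta(days=14)  # assumed look-ahead window; tune per environment

# Constructed sample events in a hypothetical normalized schema.
SAMPLE_EVENTS = [
    {"ts": "2021-03-01T09:12:00", "host": "ws-014", "type": "av_detection", "family": "TrickBot", "status": "cleaned"},
    {"ts": "2021-03-03T22:40:00", "host": "ws-014", "type": "admin_logon", "user": "svc-backup"},
    {"ts": "2021-03-04T01:05:00", "host": "ws-014", "type": "system_restore_disabled"},
    {"ts": "2021-03-02T11:00:00", "host": "ws-027", "type": "av_detection", "family": "TrickBot", "status": "cleaned"},
    {"ts": "2021-03-02T14:30:00", "host": "ws-031", "type": "av_detection", "family": "GenericAdware", "status": "cleaned"},
    {"ts": "2021-02-20T08:00:00", "host": "ws-027", "type": "admin_logon", "user": "it-admin"},
]

def triage(events, window=WINDOW):
    """Return {host: finding} for every host with a precursor-family detection."""
    events = sorted(events, key=lambda e: e["ts"])  # ISO timestamps sort correctly as strings
    findings = {}
    for ev in events:
        if ev["type"] != "av_detection":
            continue
        if ev.get("family", "").lower() not in PRECURSOR_FAMILIES:
            continue
        start = datetime.fromisoformat(ev["ts"])
        # Collect follow-on behaviour on the same host inside the look-ahead window.
        later = [
            e["type"] for e in events
            if e["host"] == ev["host"] and e["type"] in FOLLOW_ON
            and start <= datetime.fromisoformat(e["ts"]) <= start + window
        ]
        # A "cleaned" precursor stays an open investigation; follow-on activity escalates it.
        priority = "critical" if later else "investigate"
        findings[ev["host"]] = {"priority": priority, "precursor": ev["family"], "follow_on": later}
    return findings

if __name__ == "__main__":
    for host, finding in triage(SAMPLE_EVENTS).items():
        print(host, finding)
```
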

Additionally, your company can use simulated attacks with products such as rThreat to identify any weaknesses in your company’s cybersecurity. These simulated attacks will show you weaknesses that cyber threats can exploit, allowing you to strengthen your defenses before any real damage can be done. If you want your company to be truly safe from cyber attacks, then you need to do your due diligence when it comes to analyzing and investigating various cyber threats.

With our Breach and Attack Simulation, rThreat can help protect your business from ransomware attacks like Ryuk through its continuous testing of cybersecurity infrastructures. Request a demo today to learn more about how rThreat can optimize your defenses and help you protect your company.