Ryuk: How this Evolving Ransomware is Targeting Giant Enterprises | Cyware Alerts


Ryuk ransomware has been active since 2018 and is known for targeting big organizations. The ransomware is operated by a Russia-based criminal group known as Wizard Spider. Recently, Ryuk has been observed deploying BazarLoader, a trojan operated by the cybercriminal group behind Trickbot.

Quick insights

Operators of this ransomware focus only on large organizations with critical assets, in an attempt to obtain a larger ransom.

  • According to a recent report from DFIR, Ryuk ransomware takes only 29 hours to complete its attack, from the initial spam email to full compromise and encryption of the targeted network.
  • In August, Ryuk joined the list of ransomware gangs operating their own data leak sites, where they leak data of targeted organizations that refuse to pay.
  • The same month, researchers traced millions of dollars' worth of bitcoins being sent to Ryuk ransomware operators using the Binance exchange platform. This indicates that the group is planning to use the money in some way.

Recent attacks

The ransomware is very active and has been targeting various organizations, mostly in the healthcare sector. The attacks span from North America to South Asia, along with Western Europe.

  • According to a report from Check Point and IBM, Ryuk ransomware attacks approximately twenty companies per week. The attacks are mostly observed in the U.S., India, Sri Lanka, Russia, and Turkey.
  • Last month, the ransomware operators hit Universal Health Services, an American company that provides hospitals and healthcare services. They used phishing as the attack vector.

Ties with Trickbot operators

BazarLoader and Trickbot are operated by the same threat actors. The BazarLoader trojan comes with improved detection evasion and long-term infection capabilities, which suggests a tactical change in Ryuk's strategy. This lays the groundwork for Ryuk to be deployed silently.

Conclusion

Ryuk is one of the most prominent ransomware families and is looking to go even bigger. Therefore, experts suggest that organizations be proactive and deploy an anti-ransomware solution, along with training their employees to spot and avoid malware-laced phishing emails.


