Ryuk ransomware, a malware program believed to have been utilized in a hijack for a bitcoin-mining botnet that attacked enterprises worldwide is a complex twist on a corrupt and classic malware.
Once Ryuk ransomware gets into a network, it automatically spreads from node to node, PC to PC, encrypting significant files along the way with an unbreakable code. Try to access the encoded information, and the Ryuk ransomware presents a ransom note:
“Store bitcoin into an anonymous wallet and get a key to decrypt your whole system. Decline to pay, and the files remain locked for good.”
The name of Ryuk ransomware seems to be a reference to a character in the well-known manga and anime series “Death Note.” In the comics, Ryuk is an evil spirit who, bored with his immortality, chooses to bring into the world a journal that enables its discoverer to kill anybody by writing their name.
Most ransomware attacks originate from programs that target countless individuals with infected links or attachments and then request for a little amount of money to open the PCs.
How Ryuk Is Similar To Hermes?
The Ryuk Ransomware hasn’t been broadly distributed, showing that cautious planning is behind attacks against specific organizations.
But while the Ryuk ransomware campaign is new, analysts have found that the code is actually the same as another type of ransomware, the Hermes ransomware.
Hermes ransomware has been associated with attacks directed by the North Korean Lazarus hacking group, including when it was used as a diversion for a $60m cyberheist against the Far Eastern International Bank in Taiwan.
Analysts inspecting Ryuk ransomware’s encryption logic have discovered it looks like Hermes to such a degree that it still references Hermes inside the code and that the various instructions and standards are the same in both types of malware, showing identical source codes.
That’ s drove us to two potential conclusions: Ryuk Ransomware is crafted by a cybercriminal who has some way or another accessed the Hermes source code, or Ryuk Ransomware might be a case of North Korean programmers re-using code to lead a new campaign.
In either case, the specifically targeted attacks and the reconnaissance required in order to conduct them recommends that those behind Ryuk ransomware have sufficient time and assets important to do the campaign. Analysts warn that more attacks will come.
How Ryuk Ransomware Infects?
The Ryuk Ransomware infects large enterprises after they were recently tainted by discrete malware.
In most cases, enterprises are first infected with a powerful trojan called Trickbot. However, smaller enterprises infected by Trickbot rarely suffer as much as their bigger counterparts.
Security firms call the methodology used by Ryuk ransomware as “big-game hunting” and so far its strategies have allowed cybercriminals to generate $3.7m worth of Bitcoin from 52 transactions.
What sets Ryuk Ransomware apart from different strains of ransomware is its dwell time. During the period between the installation and the initial contamination of the Ryuk ransomware, cybercriminals have a lot of time to perform reconnaissance inside an infected network which lets them boost the damage done by targeting critical systems after first getting their passwords.
How to be Protected from Ryuk Ransomware Attack?
To secure your enterprise, consider these means:
- Disable Remote Desktop on each PC on your network.
- Where you can’t remove Remote Desktop Protocol, replace it with a safe third-party version that gives two-factor authentication.
- Require two-factor authentication for any progressions to your network devices. Impose a password management approach on your network.
- Ensure your backups don’t use disk letters or whatever other technique that permits access through the OS.
- Finally, test the capacity to recover your files to confirm that you have a backup you can use. At that point, store those backups off-site in a physical vault or in a cloud location.
Antivirus software and different virus protection are both core parts enterprises should be using to secure themselves, but they’re not impenetrable. Ryuk ransomware is capable of filtering for and crippling an assortment of antivirus software. To combat that risk, you should guarantee you’re utilizing antivirus and other tools that furnish you with clear visibility into your networks and can advise you with alerts when suspicious activity is in progress.
Ryuk ransomware is a case of its developing prominence with cybercriminals. Security firms expect that these activities will keep on picking up because of the achievement these intrusion operators have had in blackmailing large sums from victim enterprises.