Ryuk Ransomware

It is important to first know what ransomware is, mainly a malicious software that when installed on a computer or device, locks the system and asks for a ransom (usually in cryptocurrencies) to release it. As the name suggests, ransomware acts as a kind of “data hijacker”. If the ransom is not paid, the virus can delete or spread the files captured by the infection all over the Internet.

Technology is evolving and along with it the dependence that companies have on their software and systems to keep their operations running has increased. Therefore, all this evolution brings with it a certain vulnerability, which is explored by malicious individuals who illegally seek to hack into companies. In this context, ransomware attacks become a recurring problem.

 What is Ryuk Ransomware?

Ryuk is the name of a ransomware family, first discovered in August 2018. In the good old days, we knew Ryuk only as a fictional character from a popular goofy book and Japanese cartoon series, but now we know it as one of the nastiest ransomware families that have haunted systems around the world.

   Let’s start by defining ransomware in general. It is a rubric of malware that locks your threads or systems and holds them hostage. Ryuk is a type of ransomware used in targeted attacks, where the actors in the trap make sure that essential strings are not decrypted so that they can demand large amounts of money. A typical Ryuk security demand can amount to hundreds of thousands of dollars.

How Does Ryuk Work?

    Ryuk is one of the first ransomware families to include the ability to identify and decrypt network drives and pockets, as well as remove shadow reduplications on the endpoint. This means that hackers can disable Windows System Restore, making it impossible to recover files if there is an attack and you don’t have external backups or rollback technology.

Who created Ryuk?

  Knowing the origin of malware is always difficult. However, Deloitte Argentina researchers Gabriela Nicolao and Luciano Martins attributed the Ryuk ransomware to CryptoTech, a small cybercriminal group given that it was observed hawking Hermes2.1 on an underground forum back in August 2017. Hermes2.1, according to experts, is another name for Ryuk ransomware.

    Ryuk targets tend to be high-profile, where attackers know they are likely to receive payment for their high ransom demands. Victims include EMCOR, UHS hospitals and various magazines. By targeting these individuals, Ryuk is estimated to have generated $61 million for its boosters between February 2018 and October 2019.

  As with multiple malware attacks, the delivery methodology is spam emails. These emails are packaged hourly from a fake address so that the sender’s name does not generate distrust.

   A typical Ryuk attack begins when the victim opens a weaponized Microsoft Office document attached to a phishing email. Upon opening the document, a macro executes a PowerShell command that attempts to download the Emotet banking Trojan. This Trojan has the competence to download fresh malware onto an infected machine that retrieves and executes Trickbot, whose main landing is spyware. This collects administrator credentials, which allows the assailants to move across the width of critical network-connected substances. The attack chain concludes when the attackers execute Ryuk on each of these hosts.

   So, once their network has been offended, the raiders decide whether they suppose it’s worth the sweat to continue exploring and rolling up the network. However, they’ll either curl the curl with Ryuk ransomware, if they have enough juice to demand a hefty sum.

 How can I Protect Myself Against Ryuk?

The first step in protecting yourself against any ransomware attack is to invest in anti-malware/antivirus protection, soon one that offers real-time protection designed to thwart advanced malware attacks comparable to ransomware. You should also look for features that both buckle vulnerable programs from imminence (anti-exploit technology), as well as block ransomware from holding hostage signals (an anti-ransomware component). Some anti-malware answers offer rollback technology, especially designed to combat ransomware gear.

Written by:

Bladimir Duarte


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe To Our Magazine

Download Our Magazine