Ryuk Ransomware

Cybercriminals want one thing: information. After all, “information is power,” and what better way to get power than to steal sensitive information and hold it hostage? Ransomware is a common type of malware because it is highly profitable for cybercriminals. There are several different types of ransomware, varying in the degree of damage they cause. One piece of ransomware, known as Ryuk, seems to be responsible for a drastic increase in ransomware attacks.

What is Ransomware?

Ransomware is a specific type of malware that has one goal: to lock and encrypt any data on a victim’s computer. Most of the time, the victim must pay money, or a ransom, to a cybercriminal to restore their files. However, paying the ransom doesn’t always guarantee that your files will be restored.

Like most pieces of malware, Ryuk can enter systems through malicious links or attachments in emails.

Ryuk Ransomware

Ryuk is a highly targeted and strategic piece of ransomware. It is thought to be a particularly dangerous strain because of the high level of customization and dedication that goes into launching an attack. Unlike most ransomware attacks, where hackers target as many systems as possible, these cybercriminals first try to secretly install a trojan on a computer.

The trojan secretly resides on the target system for a long period of time and acts as a spy for the hackers. Using the trojan, the hackers can monitor the system and decide if the targeted network belongs to a worthwhile or wealthy company. If the hackers want to proceed, they can use the trojan to identify the most important computers, files, and data, and then deploy the Ryuk strain.

The Ransom Note

If you try to access any encrypted file, the malware opens a ransom note demanding bitcoin to decrypt all the files. There are two different versions of the ransom note: one is a surprisingly pleasant and well-phrased note, while the second is a short, less detailed note. Both ransom notes are titled “RyukReadme.txt” and are written in the Notepad program.

Ransom Note 1

Ransom Note 2
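
For responders, the fixed note title is a simple indicator to sweep for. The Python sketch below is an added example, not code from this article: it walks a directory tree for files named RyukReadme.txt (case-insensitive) and lists them oldest first, assuming the note is written into affected folders and that the oldest modification time roughly marks when encryption started.

```python
import os
from datetime import datetime, timezone

# Note filename as given in the article; compared case-insensitively
# because Windows file systems ignore case.
NOTE_NAME = "ryukreadme.txt"


def find_ransom_notes(root):
    """Return (path, mtime) for every ransom note under root, oldest first."""
    hits = []
    # onerror swallows unreadable directories so one access denial
    # does not abort the whole sweep.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if name.lower() != NOTE_NAME:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable
            hits.append((path, datetime.fromtimestamp(mtime, timezone.utc)))
    return sorted(hits, key=lambda h: h[1])


def summarize(hits):
    """Summarise a sweep: affected directories and the earliest note time."""
    if not hits:
        return {"affected_dirs": 0, "first_seen": None}
    dirs = {os.path.dirname(p) for p, _ in hits}
    # Assumption: the oldest note approximates the start of encryption.
    return {"affected_dirs": len(dirs), "first_seen": hits[0][1]}


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found = find_ransom_notes(root)
    for path, when in found:
        print(f"{when.isoformat()}  {path}")
    print(summarize(found))
```

Run it against a file share or a mounted disk image; an empty result only means no note with this exact title was found under that path.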

“No System is Safe”

The popularity of Ryuk ransomware increased after newspaper printing presses across the country were targeted. In another instance, Ryuk attacked a city’s servers, forcing the city offline and affecting email communication with commissioners, police, and any other city staff. In the most recent Ryuk attack, a cloud service provider (CSP) was a victim after recently acquiring a data center.

Many businesses are making the move to cloud services to store and manage their data. Typically, the cloud is thought to be the most secure place. However, most of the time the cloud’s biggest vulnerability to breaches is the business’s employees. Social engineering attacks, like phishing emails, are to blame for most breaches.

If you store any of your data in the cloud, it’s not completely out of reach from cybercriminals!

If your business currently uses cloud services, you still need to add an extra level of cybersecurity. Are you thinking about making the move to the cloud? Contact us today! We can check to see if your cloud, data, and business are protected and help you securely migrate to the cloud.