The rise of Ryuk ransomware

The Ryuk ransomware has gained massive popularity among cyber criminals. The number of detected attacks rose from just 5,123 in Q3 2019 to over 67 million in Q3 2020, according to a security study by SonicWall.

This equates to about a third of all ransomware attacks carried out in that quarter. Ryuk's explosive growth also caused the total number of ransomware attacks reported in Q3 2020 to increase by 40 percent compared to the same period in 2019.

Ryuk ransomware extremely popular

Ryuk is a sophisticated type of ransomware that is used against organizations around the world to lock them out of their computer networks and files until the ransom is paid. Ryuk encrypts all target files with strong encryption based on AES-256, with the exception of files with the extensions dll, lnk, hrmlog, ini and exe. Ryuk also skips files stored in the Windows System32, Chrome, Mozilla, Internet Explorer and Recycle Bin directories. This exclusion is believed to be intended to maintain system stability and to leave victims a working browser with which to make ransom payments. Like many ransomware families, Ryuk tries to delete volume shadow copies so that victims cannot recover their data by other means.

Average ransom: $750,000

After successfully infecting the target systems, the perpetrators demand a ransom scaled to the victim's estimated ability to pay. According to researchers, the average ransom received is around $750,000 (paid in Bitcoin). However, the highest known payment to date is estimated at $34 million, submitted by an unnamed company in exchange for the decryption key.

The Russian group behind the attacks is known for using highly effective manual hacking techniques and open source tools to move laterally within compromised networks. This helps the cybercriminals gain access to as many administrative areas as possible and erase or cover their tracks before detonating the ransomware, with devastating consequences.

What are the targets of cyber criminals?

Cyber criminals target a wide range of sectors with Ryuk. One of the targets is health care facilities, many of which are particularly at risk. This is because hospitals and healthcare facilities often have an abundance of outdated network infrastructure that is inadequately protected against such cyber attacks.

In the past few months, attacks on hospitals around the world have caused disruption. In September 2020, an attack paralyzed computer systems at the University Hospital Düsseldorf and resulted in the death of a patient, who had to be taken to a more distant hospital instead of the nearby clinic. Ryuk is also believed to be behind the latest ransomware attack on Universal Health Services (UHS), which operates around 400 hospitals and care centers in the US and UK, making it one of the largest cyber attacks on healthcare in the history of the United States.

What organizations can do to protect themselves

Tim Bandos, Chief Information Security Officer at Digital Guardian

The cybersecurity industry has already taken numerous steps to help organizations defend themselves against Ryuk's rise. For example, many Advanced Threat Protection (ATP) vendors have released free policy packs that customers can use to update their existing security tools and solutions to quickly identify suspicious network activity that indicates a potential Ryuk attack. This includes detection of mass editing of files with known Ryuk ransomware extensions, deletion of shadow volume copies, and attempts to connect to a known command and control infrastructure associated with the ransomware campaign. Additionally, organizations can take the following basic steps to strengthen their cybersecurity defenses against threats like Ryuk:
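The three indicators named above (mass file edits with a known ransomware extension, shadow copy deletion, connections to known command-and-control hosts) can be checked with a small detector over endpoint logs. This is an added example, not Digital Guardian's or any vendor's policy pack; the log format, the extension list and the C2 address are all constructed for the demo.

```python
"""Toy detector for the three Ryuk indicators described in the article.
Added example; log format, extension list and C2 address are constructed."""
from collections import defaultdict
from datetime import datetime

# Assumed indicators: placeholder extension and a TEST-NET-3 address, not real IoCs.
RANSOM_EXTENSIONS = {".ryk_example"}
C2_HOSTS = {"203.0.113.10"}
MASS_EDIT_THRESHOLD = 5          # suspicious renames per host within the window
WINDOW_SECONDS = 60

def parse(line):
    """Constructed format: '<iso-timestamp> <host> <event> <detail>'."""
    ts, host, event, detail = line.split(" ", 3)
    return datetime.fromisoformat(ts), host, event, detail

def detect(lines):
    """Return a sorted list of (host, indicator) alerts for the given log lines."""
    alerts = set()
    renames = defaultdict(list)  # host -> timestamps of renames to a ransom extension
    for line in lines:
        ts, host, event, detail = parse(line)
        low = detail.lower()
        if event == "FILE_RENAME":
            dest = low.split("->")[-1].strip()
            if any(dest.endswith(ext) for ext in RANSOM_EXTENSIONS):
                renames[host].append(ts)
        elif event == "PROCESS" and "vssadmin" in low and "delete" in low and "shadows" in low:
            alerts.add((host, "shadow_copy_deletion"))
        elif event == "NET_CONNECT" and detail.split(":")[0] in C2_HOSTS:
            alerts.add((host, "c2_connection"))
    # Sliding window: THRESHOLD renames within WINDOW_SECONDS counts as mass editing.
    for host, stamps in renames.items():
        stamps.sort()
        for i, start in enumerate(stamps):
            in_window = [t for t in stamps[i:] if (t - start).total_seconds() <= WINDOW_SECONDS]
            if len(in_window) >= MASS_EDIT_THRESHOLD:
                alerts.add((host, "mass_file_edit"))
                break
    return sorted(alerts)

# Constructed sample log: only host WS02 should trip all three indicators.
SAMPLE_LOG = [
    "2020-09-10T08:00:00 WS01 FILE_RENAME C:\\docs\\a.docx -> C:\\docs\\a.docx.bak",
    "2020-09-10T08:00:01 WS02 PROCESS vssadmin.exe Delete Shadows /All /Quiet",
    "2020-09-10T08:00:02 WS02 NET_CONNECT 203.0.113.10:443",
] + [f"2020-09-10T08:00:{3 + i:02d} WS02 FILE_RENAME C:\\docs\\f{i}.xlsx -> C:\\docs\\f{i}.xlsx.ryk_example"
     for i in range(6)]

if __name__ == "__main__":
    for host, indicator in detect(SAMPLE_LOG):
        print(f"{host}: {indicator}")
```

In a real deployment the extension list and C2 set would come from the vendor-maintained policy pack and the threshold would be tuned against normal file-server churn.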

Regular data backups

Performing regular backups of all important organizational data is one of the best ways to minimize the disruption to work processes in the event of a successful attack. Keeping these backups safe off the main network prevents them from being deleted or encrypted as part of an attack.

Keep security patches up to date

As mentioned earlier, cybersecurity service providers are already well informed about Ryuk, and the vast majority have updated their products and solutions to recognize Ryuk's signature. However, these updates will not take effect until customers apply the latest security patches to their networks. It is therefore critical that such patches are installed as soon as they are released.

Educate employees about cybersecurity

Even advanced cyber threats still often rely on the most basic attack vectors, such as phishing emails and social engineering tactics. For this reason, employees should be instructed in regular training courses on how to recognize these attacks.

Ryuk poses a grave threat to organizations around the world, especially healthcare facilities, many of which are particularly vulnerable right now. It is therefore important that organizations evaluate their existing protection, identify vulnerabilities, and implement the correct fixes to minimize the risks of these attacks.

More on this at DigitalGuardian.com

About Digital Guardian

Digital Guardian offers uncompromising data security. Its cloud-delivered data protection platform was developed specifically to prevent data loss from insider threats and external attackers on the Windows, Mac and Linux operating systems. The Digital Guardian Data Protection Platform can be used across the entire corporate network, traditional endpoints and cloud applications. For more than 15 years, Digital Guardian has enabled companies with high data volumes to protect their most valuable assets using SaaS or a fully managed service. With Digital Guardian's unique policy-less data visibility and flexible controls, organizations can protect their data without slowing down their business.
