Ryuk Ransomware is back

During October, the Global Cyber Security Awareness Month, Ryuk Ransomware has made a comeback. First discovered in 2018, Ryuk Ransomware gained popularity in 2019 after infecting and demanding ransoms from companies, hospitals and local governments.

Ryuk Ransomware initially targeted mostly high-profile organisations but cybercriminals behind Ryuk Ransomware have expanded their activities to get a maximum of victims. The ransomware is delivered through phishing emails containing infected MS Office files.

Once the infected file is opened, the malicious macro executes a command which downloads a trojan on the device. A series of activities are triggered including stealing of credentials of the administrator among others. The cybercriminal will then be in a position to disable the windows restore system. Subsequently, he can move laterally to critical assets connected to the network and execute the Ryuk Ransomware on other devices.

To protect your network against such attack, BIRGER. recommends:

• Update your endpoint security software with the latest signature to detect the new variant of Ryuk Ransomware.
• Keep a good backup routine in place to be able to recover your valuable data in case of an attack.
• Be extremely cautious when opening unsolicited file links since ransomware spreads through phishing emails. A cyber security awareness program will help to raise security maturity level of users.

For more information on the topic and our Cyber Security Solutions & Services, please contact us by mail security@birger.technology.

BIRGER.