New Ryuk Ransomware variant spreads through Microsoft Windows environments

Ryuk ransomware has been seen in the wild for almost 3 years now. Much like legitimate software and utilities it has also seen updates and added features along the way. The French CERT (National Cyber-Security Agency) found this new strain during their investigation into an attack earlier this year. Ryuk ransomware has been the source for many large scale compromises, many of which are in the healthcare realm. Last year, one particular victim paid out $34 million in ransom.

This particular version can spread itself via the local area network (LAN) using a combination of discovering network shares and creating scheduled tasks using built-in Windows utilities. This particular behaviour means that multiple machines can be compromised, and all their data encrypted, very efficiently.

Though the effects on the local network can be devastating; it still has to get into the network and behind your IT security. Most commonly, this is still through phishing emails targeting the end user. Computer security systems are hard to crack. This is why bad actors target the user. Now, more than ever, it is important that we be vigilant and watch for anything that seems unusual or “off” when we carry on with our daily work.

Secondly, backup and disaster recovery plans and processes are vital. These must always include an offsite component. Many of the ransomware variants specifically target on-site backup tools and storage.

Be vigilant, be careful and question anything out of the ordinary. Contact our iBIT service team to verify your organization has the appropriate training and tools to keep you safe!