Uploaded by Edwin Cluster

RYUK Ransomware Continues to Attack U.S. Businesses

advertisement
RYUK Ransomware Continues
to Attack U.S. Businesses
23 Jul 2019
G’ SECURE LABS
security@gsecurelabs.com
1
www.gsecurelabs.com
www.gsecurelabs.com
Ransomware has always given sudden quake by attacking the data of many businesses.
According to Robinson & Cole from Lexology report, FBI recently flashes that RYUK
ransomware is hitting more than 100 U.S. companies. It is predicted that RYUK will leave the
damage on companies like logistics, technology, small municipalities and government
agencies.”
On May 18th, 2019 Monster Cloud’s CEO Zohar Pinhasi on WPTV said that RYUK is the new
ransomware taking down businesses and government agencies. Ryuk, which started affecting
companies in August 2018, is different from many other ransomware families, not because of
its capabilities, but because of the novel way it infects systems.
Image Credit: csoonline.com
RYYK was first seen in August 2018 and at that time at least three organizations were hit with
Ryuk infections landing the attackers about $640,000 in ransom for their efforts. Researchers
at checkpoint conducted deep analysis of this threat, and one of their findings was that Ryuk
shares many similarities with another ransomware family Hermes. Inside of both Ryuk and
Hermes, there are numerous instances of similar or identical code segments.
2
www.gsecurelabs.com
According to Flash given by FBI, when RYUK ransomware enters in your system, it deletes all
files related to intrusion so it is impossible to identify the infection vector. It is able to steal
credentials and brute forced Remote Desktop Protocols (RDPs) to gain access. After the
attacker has gained access, more network exploitation tools can be downloaded on the
victim’s system. Once RYUK gets executed, it establishes persistence in the registry, injects
into running processes, looks for network connected file systems, and starts encrypting files.
The FBI is looking for certain symptoms that includes information such as












Recovered executable file
Copies of the “readme” file—DO NOT REMOVE the file or decryption may not be
possible
Live memory (RAM) capture
Images of infected systems
Malware samples
Log files
E-mail addresses of the attackers
A copy of the ransom note
Ransom amount and whether or not the ransom was paid
Bitcoin wallets used by the attackers
Bitcoin wallets used to pay the ransom
Names of any other malware identified on your system
Copies of any communications with attackers
We at G’SecureLabs have capabilities to save you from becoming a victim. Our managed
detection and response (MDR) solutions have the ability to detect and prevent ransomware
like RYUK through behavioural patterns shown by ransomware. MDR ensures that RYUK gets
killed in very early stages of execution. This is possible with our cybersecurity professionals
using machine learning (ML), IOA against these types of malware family. If you are a victim of
a cyber-attack or ransomware, contact G’Securelabs at security@gsecurelabs.com
Industries migrate to the new age of digital transformation.
3
www.gsecurelabs.com
Global HQ
Maria Montessorilaan 5, 2719 DB Zoetermeer,
The Netherlands
India Headquarters
Pune Office
B/81, Corporate House,
Judges Bunglow Road,
Bodakdev, Ahmedabad - 380054. India.
103, Pride House, 1st Floor,
S. No. 108/7, Pune University Road,
Pune- 411016, India.
Phone : +91 79 2685 2554 / 55 / 56
E-mail : hello@gsecurelabs.com
www.gsecurelabs.com
Confidentiality Clause:
This document and any files with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information.
4 not the intended recipient, please destroy all copies of the document. Any unauthorized review, use, disclosure,
www.gsecurelabs.com
If you are
dissemination,
forwarding, printing or copying of this document or any action taken in reliance on this document is strictly prohibited and may be unlawful.
Copyright © Gateway Group
Download