New Ominous Ransomware Capable of Encrypting Your Network

The latest version of Ryuk ransomware can now spread itself across infected networks, potentially making it even more dangerous than before. In case you are unfamiliar with the name, Ryuk has become ubiquitous among cyber criminals, who have extorted an estimated $150 million worldwide in bitcoin ransom payments.

How does it work? Ryuk is capable of encrypting a network, rendering all systems useless. The crooks behind the attack then demand a payment in exchange for the all-important decryption key. This payment, based on the size and scope of the victim’s network, can sometimes run into millions of dollars. Not surprisingly, Ryuk is in great demand among these cyber blackmailers, so it is periodically updated to preserve its value.

The most recent Ryuk ransomware version is capable of replicating itself over a local network via something called Wake-on-LAN, a feature that permits Windows computers to be remotely activated by another computer on the same network. As a result, this update transforms Ryuk into something much more dangerous.
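For defenders, Wake-on-LAN traffic is easy to recognise: a "magic packet" is six 0xFF bytes followed by the target machine's MAC address repeated 16 times. The sketch below is an added example, not code from this article. It finds magic packets in captured UDP payloads and flags any source that wakes several distinct machines in a short time. The threshold, the time window, the idea that such a burst is worth alerting on, and all sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

SYNC = b"\xff" * 6  # every magic packet starts with six 0xFF bytes


def wol_targets(payload: bytes) -> list:
    """Return the MAC addresses targeted by magic packets found in payload."""
    found, pos = [], payload.find(SYNC)
    while pos != -1:
        mac = payload[pos + 6:pos + 12]
        body = payload[pos + 6:pos + 6 + 16 * 6]
        # A valid packet repeats the 6-byte target MAC exactly 16 times.
        if len(mac) == 6 and body == mac * 16:
            found.append(mac.hex(":"))
            pos = payload.find(SYNC, pos + 102)  # skip past this packet
        else:
            pos = payload.find(SYNC, pos + 1)
    return found


def wol_bursts(events, threshold=3, window=60.0):
    """events: (timestamp_seconds, source_ip, udp_payload) tuples.
    Return {source_ip: [macs]} for sources that woke at least `threshold`
    distinct machines within `window` seconds (both values are assumptions)."""
    seen = defaultdict(list)  # source_ip -> [(timestamp, mac)]
    for ts, src, payload in events:
        for mac in wol_targets(payload):
            seen[src].append((ts, mac))
    flagged = {}
    for src, hits in seen.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            macs = {m for t, m in hits[i:] if t - start <= window}
            if len(macs) >= threshold:
                flagged[src] = sorted(macs)
                break
    return flagged


def magic(mac: str) -> bytes:
    """Build a magic packet payload for the constructed sample data."""
    return SYNC + bytes.fromhex(mac.replace(":", "")) * 16


# Constructed sample capture: one routine wake-up, then a burst from one host.
SAMPLE = [
    (0.0, "10.0.0.5", magic("00:11:22:33:44:01")),
    (5.0, "10.0.0.23", magic("00:11:22:33:44:02")),
    (5.4, "10.0.0.23", magic("00:11:22:33:44:03")),
    (6.1, "10.0.0.23", b"pad" + magic("00:11:22:33:44:04")),
    (7.0, "10.0.0.23", SYNC + b"not a magic packet"),
]

if __name__ == "__main__":
    print(wol_bursts(SAMPLE))
```

In practice the events would come from a packet capture or network sensor, and sources that legitimately send Wake-on-LAN packets, such as management servers, would be allow-listed.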

Hospitals are one of the major targets for ransomware. Even more so during the ongoing pandemic, hospitals require immediate access to their networks, which are critical for effective patient care. When ransomware enters the picture, many hospitals succumb to outrageous monetary demands even though there are no assurances that the network will be returned to its original state.

One final reminder: Ryuk is frequently delivered to its victims as the final phase of multi-phase attacks, on networks initially compromised via phishing attacks from the likes of Trickbot, Emotet or BazarLoader. Once compromised, these networks are then passed on to the Ryuk scammers, who infect them with ransomware.

Ryuk ransomware is especially targeted at networks whose owners have been reluctant to apply security patches against known weaknesses. If there is one major lesson to be learned from these punishing cyber-attacks, it’s to confirm that the latest security updates have been installed across the network, particularly just after a release, when there might be some glaring exposures.

It’s not too late: it’s prudent to regularly back up the network and store those backups offline. If these procedures are habitually followed, the network will be recovered without the need to ever surrender to outrageous monetary demands.