Ryuk ransomware
Cyberattacks are becoming increasingly common these days, particularly ransomware.
Like other cyberattacks of its kind, this attack involves stealing personal data from infected computers.
This is malware hidden within a malicious email that, once opened, encrypts your data and blocks access to it. The cybercriminals demand a ransom in cryptocurrency in exchange for decrypting your data, which is how this attack gets its name.
Let’s continue our investigation, this time focusing on the notorious Ryuk ransomware. It looks set to remain in the headlines, having already raked in $3.7 million in Bitcoin since its emergence.
First detected in August 2018, this malware employs new tactics:
This time, cybercriminals aren’t spreading malware to just any computer. Instead, they spend months infiltrating corporate networks very discreetly. This allows them to determine exactly what strategy to use to attack the most lucrative targets—those most likely to pay large ransoms.
According to researchers at CrowdStrike (an American company specializing in cybersecurity technologies), the “Grim Spider” hacking group behind this attack used a Trojan horse. The TrickBot Trojan infiltrates targeted machines via a malicious file attached to a phishing email.
Typically hidden within an Excel spreadsheet, this malware targets a specific individual via email. If the recipient opens the attachment, they activate the document’s malicious content.
Who is behind the Ryuk ransomware?
The Ryuk ransomware is believed to include a "kill switch" that activates based solely on the victim's location—a tactic that is fairly common in the world of cybercrime. This way, hackers avoid shooting themselves in the foot. Additionally, CrowdStrike claims to have identified some Russian language elements in the code, as well as a suspicious download originating from Moscow.















