Ryuk Ransomware Targets Large Businesses With Large Ransoms

Linn Freedman
Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

A new ransomware, dubbed “Ryuk,” has surfaced in the last few weeks that is said to be targeting large organizations in the United States.

The attackers behind Ryuk have reportedly made over $640,000 in just two weeks, and are allegedly connected to the well-known hacking group out of North Korea—Lazarus.

According to security company Check Point, the attackers are carefully targeting large organizations that have the ability to pay large ransoms for valuable data, and are exploiting vulnerabilities in order to get a quick pay-out of large sums of Bitcoin.

The attackers conduct very specific campaigns against large companies, including mapping the organizations’ network, compromising the networks and stealing credentials in order to install Ryuk to encrypt the systems. Once the organization’s system is compromised, the victim receives one of two standard ransomware notes. One ransom note is polite and advises the company that a vulnerability in their system has resulted in the encryption of all files on the system and requests a payment in Bitcoin to get the keys to the data and reminds the victim that the attackers “are not scammers.” The message goes on to tell the victim that all files will be destroyed unless the ransom is paid (but they aren’t scammers). The victim is given an email to contact and a Bitcoin wallet address to pay the ransom.

The second ransom note is more to the point and outright threatening—files are encrypted and will be destroyed unless you pay, and here is the email to contact to pay.

What is very concerning about this new ransomware is that the ransom is very large—between 15 and 35 Bitcoin, and adding one half a Bitcoin each day the victim doesn’t pay. That is roughly $224,000. This is unusual and alarming.

Unfortunately, because the attackers have cashed in a large amount in such a short time indicates that it is a well-planned attack, that the attackers have researched their victims to determine their ability to pay the ransom, that their strategy has paid off and therefore, more will likely come. Another reason to check in with your IT folks and to invest in and test back up plans, continuity plans and disaster recovery operations.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide