Get information on Ryuk, the malware most feared by companies in 2020

Features of Ryuk, the dangerous ransomware that attacks organizations

Since the end of 2020, several organizations around the world have been attacked by Ryuk, an extremely powerful ransomware. At least five organizations, mainly in the oil and gas sector, are said to have been affected by a Ryuk attack. One of the best known was Emcor, a company specializing in mechanical and electrical construction services and in industrial and energy infrastructure, which had to shut down its IT systems because of the attack.

Ryuk is a type of ransomware that encrypts device information and backups, including data stored in third-party applications. The only option left to victims is to pay for decryption of the information through a Bitcoin transfer. This type of ransomware is aimed at large organizations and government agencies, where large sums can be demanded.

How does Ryuk ransomware operate and why has it been so harmful for organizations? Follow our blog and we’ll tell you everything you need to know to prepare your company.

Almost all companies that have fallen victim to Ryuk report that the tactics, techniques and procedures are basically the same. It all starts with a phishing email, a visit to an incomplete website or a click on a random pop-up window. Bots like TrickBot and Emotet give the attackers direct access to the victim's network. Emotet and TrickBot then spread laterally across the network and deploy the Ryuk ransomware. They also steal confidential information, which leaves organizations vulnerable even before a Ryuk attack. Once attackers find a suitable system, two files are loaded into a subfolder in the directory and the encryption process begins.

What makes it so dangerous?

It is said that Ryuk's attackers have extorted more than ten times the average malware ransom, making it the "most expensive" exploit of its nature. The malware ensures that once the system is encrypted, the encryption key is destroyed after it has served its purpose. In addition, Ryuk only encrypts the confidential data and the assets most critical to the target organization.

How do you prevent this ransomware from attacking your organization?

This new type of ransomware is more refined than other ransomware, so the best way not to fall victim to it is prevention, using tools and techniques that a cybersecurity expert has mastered.

Also keep in mind that this type of ransomware operates with numerous components that can only be found by running a full system scan with anti-spyware. This is because the decryption key needed to recover the blocked data is stored on the remote servers belonging to this ransomware.

If your organization has already been the victim of a Ryuk attack and you still don't know how to combat it, you can contact Globenet International immediately. We have highly qualified personnel specialized in ransomware counter-attack techniques.

Remember that you can contact us 24 hours a day, seven days a week!