In 2019, ransomware was one of the great protagonists of cybercrime. Companies and official organizations around the world were affected by cyberattacks that encrypted their files and demanded a ransom. These waves of ransomware used a range of variants. One variant that was used then is still seen today, and it is the one we will look at here: Ryuk, one of the most notorious ransomware variants of recent years since it first appeared in summer 2018.

Hackers often adapt and improve their attacks to achieve their goal. It is true that we currently have a wide variety of defensive tools, such as antivirus, browser extensions, firewalls … But attackers also improve the way they infect systems.

In this case, new techniques from the Ryuk ransomware makers are targeting remote desktop connections to a greater extent. In recent months, everything remote has gained greater importance. Like other ransomware, when it finishes encrypting its victims' files, Ryuk leaves a ransom note stating that, to recover the files, a payment in bitcoin must be made by contacting the indicated address.

In the sample analyzed by Panda Security, Ryuk reached the systems through a remote connection achieved in an RDP attack. The malicious actor managed to log in remotely and, once logged in, created an executable with the sample. Ryuk, like other malware, tries to stay on the system for as long as possible. One of its methods for achieving this is to create executables and launch them in secret. To encrypt the victim's files, it also needs to have privileges.
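A defender can look for the sequence described above (a remote desktop logon followed by a newly created executable being launched) in Windows Security logs. The following is an added example, not code from the original article or from Panda Security's analysis; the event records are constructed and simplified, and the writable-directory list and 30-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed, simplified records modelled on Windows Security events:
# 4624 = logon (logon_type 10 is RemoteInteractive, i.e. RDP), 4688 = process creation.
SAMPLE_EVENTS = [
    {"time": "2021-03-01T02:14:07", "id": 4624, "logon_type": 10,
     "logon_id": "0x5a1f3", "user": "admin01", "src_ip": "203.0.113.45"},
    {"time": "2021-03-01T02:19:40", "id": 4688, "logon_id": "0x5a1f3",
     "process": r"C:\Users\Public\sample.exe"},
    {"time": "2021-03-01T02:20:02", "id": 4688, "logon_id": "0x5a1f3",
     "process": r"C:\Windows\System32\mmc.exe"},
    {"time": "2021-03-01T09:00:11", "id": 4624, "logon_type": 2,
     "logon_id": "0x77b20", "user": "alice", "src_ip": "-"},
    {"time": "2021-03-01T09:03:30", "id": 4688, "logon_id": "0x77b20",
     "process": r"C:\Users\alice\Downloads\setup.exe"},
]

# Assumption: user-writable locations where a dropped binary could be placed.
WRITABLE_DIRS = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def rdp_then_new_executable(events, window=timedelta(minutes=30)):
    """Return processes started from a writable directory inside an RDP
    logon session, within `window` of that logon."""
    sessions, findings = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4624 and ev.get("logon_type") == 10:
            # Remember each RDP session by its logon ID.
            sessions[ev["logon_id"]] = (when, ev["user"], ev["src_ip"])
        elif ev["id"] == 4688 and ev["logon_id"] in sessions:
            start, user, src_ip = sessions[ev["logon_id"]]
            path = ev["process"].lower()
            if when - start <= window and path.startswith(WRITABLE_DIRS):
                findings.append({"user": user, "src_ip": src_ip,
                                 "process": ev["process"], "time": ev["time"]})
    return findings


if __name__ == "__main__":
    for hit in rdp_then_new_executable(SAMPLE_EVENTS):
        print(hit)
```

The local logon (type 2) and the system binary started inside the RDP session are not reported; only the executable launched from a writable directory shortly after the remote logon is.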

At this point, it's time to give some tips to avoid becoming victims of Ryuk ransomware or any other variety that could put our security and privacy at risk. Here are some basic recommendations.

Without a doubt, and as we always say, the most important thing is common sense. We have seen that in many cases the technique used consists of carrying out a phishing attack. We must avoid opening links that may be dangerous or downloading e-mail attachments that we cannot trust.

It is also essential to keep systems updated. Ryuk ransomware relies on many vulnerabilities that are present in the remote desktop, Windows and other applications that we use. We must always have the available patches and updates installed.
