Ryuk, named after a character in the manga series Death Note, is arguably the most evolved form of ransomware around today. The actors behind Ryuk typically target organizations that cannot withstand any downtime, such as newspapers, municipalities, and utilities, to increase the likelihood of payment, and demand six- and seven-figure ransom payments.
To get around anti-ransomware technologies, these active adversaries combine advanced attack techniques with interactive, hands-on hacking. Ryuk attacks often start with a spam email containing a malicious attachment. The attachment triggers an Emotet or TrickBot attack, which enables the cyber criminals to get on the victim’s network.
Once inside the network, the hackers steal credentials and escalate their privileges until they create a new admin user. With their escalated admin privileges in place, the hackers move laterally around the network using multiple techniques including Remote Desktop Protocol (RDP), survey the Active Directory, and delete any backups.
With the victim’s safety net out of the way, they attempt to disable cyber security products before finally releasing the Ryuk ransomware, encrypting files and demanding huge ransom payments.
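The pre-encryption stage described above (a newly created admin user followed by RDP movement across hosts) leaves a trail in Windows Security logs that can be correlated before the ransomware is released. The following is an added detection sketch, not code from the original article; the event schema, account and host names, and thresholds are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

PRIV_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins"}
GROUP_ADD_IDS = {4728, 4732, 4756}      # member added to global/local/universal group
ESCALATION_WINDOW = timedelta(hours=1)  # creation -> privileged group (assumed threshold)
FANOUT_WINDOW = timedelta(hours=24)     # promotion -> RDP logons (assumed threshold)
FANOUT_HOSTS = 3                        # distinct RDP targets to alert on (assumed)

# Constructed sample events in an assumed, simplified schema (not a real log export).
def ev(time, eid, host, account, **extra):
    return {"time": datetime.fromisoformat(time), "id": eid, "host": host,
            "account": account, **extra}

SAMPLE_EVENTS = [
    ev("2024-01-10T02:11:00", 4720, "DC01", "helpdesk2"),
    ev("2024-01-10T02:12:30", 4728, "DC01", "helpdesk2", group="Domain Admins"),
    ev("2024-01-10T02:20:00", 4624, "FS01", "helpdesk2", logon_type=10),
    ev("2024-01-10T02:31:00", 4624, "SQL02", "helpdesk2", logon_type=10),
    ev("2024-01-10T02:44:00", 4624, "BKP01", "helpdesk2", logon_type=10),
    # Long-standing admin using RDP: no creation event, so not flagged.
    ev("2024-01-10T09:00:00", 4624, "FS01", "jsmith", logon_type=10),
    ev("2024-01-10T09:05:00", 4624, "SQL02", "jsmith", logon_type=10),
    ev("2024-01-10T09:10:00", 4624, "BKP01", "jsmith", logon_type=10),
    # New account placed in a non-privileged group: not flagged.
    ev("2024-01-10T10:00:00", 4720, "DC01", "intern7"),
    ev("2024-01-10T10:01:00", 4732, "FS01", "intern7", group="Remote Desktop Users"),
    ev("2024-01-10T10:05:00", 4624, "FS01", "intern7", logon_type=10),
]

def find_new_admin_rdp_fanout(events):
    """Return accounts that were created, promoted to a privileged group soon
    after, and then logged on over RDP (logon type 10) to several hosts."""
    created, promoted, rdp_hosts = {}, {}, {}
    for e in sorted(events, key=lambda e: e["time"]):
        acct, when = e["account"], e["time"]
        if e["id"] == 4720:                                  # user account created
            created[acct] = when
        elif e["id"] in GROUP_ADD_IDS and e.get("group") in PRIV_GROUPS:
            if acct in created and when - created[acct] <= ESCALATION_WINDOW:
                promoted[acct] = when
        elif e["id"] == 4624 and e.get("logon_type") == 10:  # RemoteInteractive logon
            if acct in promoted and when - promoted[acct] <= FANOUT_WINDOW:
                rdp_hosts.setdefault(acct, set()).add(e["host"])
    return [{"account": a, "rdp_hosts": sorted(h)}
            for a, h in rdp_hosts.items() if len(h) >= FANOUT_HOSTS]

if __name__ == "__main__":
    for finding in find_new_admin_rdp_fanout(SAMPLE_EVENTS):
        print(finding)
```

An alert from this correlation is a cue to check backup integrity and security-product status immediately, since the article places backup deletion and tool tampering between this stage and encryption.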
The big lesson we can take from looking at the history of ransomware is that cyber criminals will continue to exploit changes in technology and society to carry out their ransomware attacks. In essence, ransomware is going to keep evolving. With that in mind, let’s explore three new areas where the dirty tentacles of ransomware are starting to reach, driven by the opportunities presented by technology advances.