Latest Ransomware Trend: Ryuk and How to Respond


The latest form of ransomware plaguing victims is a malicious software called Ryuk. Since it first popped up last year, Ryuk has quickly become the most common form of ransomware, making up 24% of attacks in the second quarter of 2019 – compared to 18% in the first quarter. Globally, both public and private organizations have had to deal with the vicious cyberattacks. Recently, a number of U.S. cities have found themselves in a tough situation – pay a hefty fee or lose all of their data. Some have paid upwards of $400,000 for the release of their data while others have been able to fend off the attacks.


What is Ryuk?

In the past, ransomware hackers regularly targeted single computers and demanded payments of less than $1,000. Often, victims may not know what’s happening until their data has already been locked, and they find a note explaining what to do to unlock the data. Ryuk is different in that it is used to attack larger networks for much bigger ransoms.

Ryuk is part of an increasing pattern that involves ransomware criminals attacking enterprises instead of individuals. Born out of a previous type of ransomware called Hermes, Ryuk is especially debilitating in that it can jump firewalls to penetrate backup servers. Ryuk ransom letters often warn “no system is safe”. Recent attacks have left victims without access to email, files, internet, etc.


How to Respond to a Ransomware Attack

If you believe you or your organization have been targeted by a ransomware attack, here are some of the steps you should take:

1. Alert your IT department

There may be potential to halt the attack if it is still in the early stages. Stopping the attack early could prevent the encryption of all of your data or prevent the attack from penetrating backup files. Even if the attack can’t be stopped, your IT department will want to start investigating the attack and attempting to recover files and rebuild servers as early as possible.

2. Alert the FBI

The FBI encourages any victim of a ransomware attack to alert the FBI of the attack before responding to the attackers. The FBI compiles all information on attacks all over the U.S. so they can make targeted efforts to track down the criminals responsible and prevent future attacks.

3. Don’t Pay the Ransom

The FBI advises against paying any ransom. This is because even after ransom payment, there’s a chance the encryption keys provided may not work, or you may never hear from the criminals again. Additionally, the FBI notes that paying the ransom does nothing to prevent future attacks and, if anything, only encourages more attacks.

However, paying the ransom may be a business’s only option to retrieve the locked data. Not paying the ransom likely means losing irreplaceable data, replacing equipment, and starting over, which will most likely take longer and cost more than paying the ransom.

When it comes down to it, every victim has to evaluate their situation and respond in the way that’s best for them depending on what data is missing and what can be restored with backups.

Protect Against Ransomware Attacks

While ransomware attacks happen every day all across the U.S., there are steps you can take to protect your data and systems. For example, the FBI recommends more frequent security patch updates and maintaining secure backup files.


If you’re interested in proactively preventing ransomware attacks and protecting your data and systems, Intellithought’s Phoenix Data Protection Plan can help. Contact us with any questions or to get started.
