It’s almost March 2019, but the Ryuk ransomware is still going strong.
The latest reports from McAfee and Coveware claim that there are still “several” hacking groups using Ryuk to extort money from their victims.
Ryuk became popular after its users targeted US newspapers, but this time around, the report states that IT hosting, as well as the Freight and Logistics industries, have been of particular interest to attackers.
“IT Hosting companies are of note as the size and number of their servers can make them appear like a large organization,” it was said.
The groups behind the attack ‘have a relation with one of the post-Soviet republics’, it was said, mostly because Russian text was found in one of the encrypted files. Some cultural references were also thrown around during ransom negotiations.
Researchers believe the attackers have some relation to those behind the Trickbot banking trojan.
The ransomware itself seems to descend from Hermes2.1. It’s not designed to target large corporations, but the attackers still demand 10 times more money than the average cybercrime organisation.
Usually, they start with a $145,000 demand, but some companies get a 60 per cent discount if they are granted negotiation privileges.
“In a world where cybercriminals are forced to constantly adapt and seek new weaknesses in systems to turn into profits, we have been observing that ransomware is once again on the rise,” commented John Fokker, Head of Cyber Investigations at McAfee.
“This is a prospect that is especially worrying given the rise of synergistic threats, where malware is written to include various malicious components with the intention of blurring the vision of the primary objective – just as a smokescreen would. As ransomware threats evolve, our advice for victims is simple: always seek professional advice when you are faced with a targeted ransomware attack such as Ryuk. A wealth of advice can also be accessed via the NoMoreRansom initiative’s website.”