Cybercriminals recently used Ryuk ransomware to collect at least $640,000 in Bitcoin from global organizations over a two-week span, according to master MSSP Perch Security.
Perch, backed by ConnectWise and Fishtech Group, develops various monitoring and early warning systems to help channel partners minimize security threats facing their end-customers.
Hackers launched a Ryuk ransomware campaign against global organizations in August, Perch indicated. They used network mapping, network compromise and credential theft in conjunction with Ryuk ransomware to encrypt victims' PCs and storage and data centers and demanded Bitcoin ransoms.
Ryuk is used "exclusively for tailored attacks," network and endpoint security software provider Check Point Software Technologies stated. It ensures that crucial assets and resources are infected in a targeted network; meanwhile, cybercriminals carry out the ransomware's infection and distribution.
During a Ryuk attack, the ransomware sweeps every drive and network across a victim's system, Check Point said. It then encrypts every system file and directory except for any file or directory that contains text from a hardcoded whitelist.
Cybercriminals have used multiple versions of ransom notes during Ryuk campaigns, according to Check Point. The highest recorded payment to date from a Ryuk attack was 50 Bitcoin (approximately $320,000), and other Ryuk attacks have resulted in ransom payments that range between 15 and 35 Bitcoin (up to $224,000).
How to Address Ryuk Ransomware Attacks
Cybercriminals have already used Ryuk to launch successful ransomware attacks against global organizations. As such, they likely will continue to use Ryuk to deploy ransomware attacks in the foreseeable future.
Perch offered the following recommendations to mitigate Ryuk ransomware attacks:
The number of ransomware attacks tripled across all industries in 2017, according to artificial intelligence-based advanced threat prevention solutions provider Cylance. However, MSSPs can help organizations identify and address Ryuk and other ransomware attacks.
How Can MSSPs Help Organizations Address Ransomware Attacks?
MSSPs can help organizations address ransomware attacks and other cyber threats in several ways, including:
MSSPs can help organizations minimize the risks associated with ransomware and other cyber threats. By doing so, they could increase their revenues and accelerate their growth.