Ryuk Ransomware Now Worms Way Into Other Network Devices

A new variant of Ryuk ransomware has been found by a French cyber-security agency. This particular strain allows the malware to propagate itself to other machines within the Window’s domain.

For those not in the know, a ransomware breach occurs when an attacker encrypts your files until you pay them a ransom. These usually occur via phishing e-mails or other social engineering tactics that get you to click on a link or download a file so the hacker has access to your network.

While this type of malware attack is common, it’s imperative to know that if you’re a victim of a ransomware attack, never give into a hacker’s demands and pay the ransom. There’s no guarantee that your files will be decrypted, and it encourages a malicious entity to continue committing more cyber attacks.

As far as Ryuk is concerned, they’re one of the largest ransomware-as-a-service (RaaS) groups, with affiliates attacking 20 organizations a week on average. They commonly utilize phishing attacks as a way to get infection vectors into a target’s network. They’re behind a large wave of attacks that hit the United States healthcare system at the end of 2020.

The way this specific attack replicates itself is different to past strains of malware. It starts by listing all IP addresses in the local ARP cache and sends what appears to be a Wake-on-LAN (WOL) packet to any discoverable devices. Then the ransomware mounts all sharing resources found for the device so it can encrypt its contents. It can remotely execute using scheduled tasks created on a compromised network with the help of the schtasks.exe Windows tool.

To prevent a malware attack, you’ll likely need a few different layers of protection in place to lower your risk and alert you of an incoming issue. Using anti-virus protection and 24/7 monitoring services are a great way to notify you of a situation before it becomes a problem, so you don’t wind up a victim of a new strain of virus.