With ransomware attacks becoming more common, many consumers and businesses alike are wondering how they can protect themselves against these threats. Ransomware is particularly dangerous because it can lock down systems and destroy essential data. Because the attackers' aim is to extort money from victims, some feel they have no choice but to pay huge sums for any hope of recovery. Here, prevention is better than the cure: reducing the risk of a ransomware attack occurring in the first place.
The greatest ransomware threat in recent times is known as Ryuk. Ryuk made its first appearance in 2018 and is named after a character from the Japanese anime/manga Death Note. Interestingly, Ryuk usually isn’t directly downloaded to a device; instead, trojans such as Emotet and Trickbot infect a device, then download the ransomware Ryuk as an additional payload. These trojans typically infect devices through social engineering tactics, such as phishing emails that include a link to a malicious website or an infected email attachment.
This malware typically targets enterprise systems and can spread throughout an entire corporate network. The result can be massive data loss and lost productivity if an entire enterprise network is locked down and its data held for ransom. Once Ryuk infects a device and becomes active, it encrypts all files on the affected system, appending the .RYK extension to each. A ransom note titled RyukReadMe.txt is placed in each directory, demanding payment in exchange for a decryption key to regain access to the encrypted data. Payment is requested in bitcoin, which is popular among cybercriminals because these payments are hard to track and anonymous.
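The two on-disk artefacts just described, files renamed with the .RYK extension and a RyukReadMe.txt note in each directory, are what a defender can hunt for across file shares after the fact. The following is an added example, not code from the original post, that walks a directory tree and reports both indicators; the sample tree and the alert threshold are constructed for the demonstration.

```python
import os
import tempfile

RYUK_EXTENSION = ".ryk"            # Ryuk appends .RYK to every encrypted file
RYUK_NOTE_NAME = "ryukreadme.txt"  # ransom note dropped in each directory
ALERT_RATIO = 0.25                 # constructed threshold: share of files renamed


def scan_for_ryuk_indicators(root):
    """Walk a directory tree and count the Ryuk artefacts described above.

    Matching is case-insensitive so RyukReadMe.txt and .RYK are found
    regardless of how the file system reports the names.
    """
    encrypted_files = 0
    total_files = 0
    note_dirs = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            total_files += 1
            lower = name.lower()
            if lower == RYUK_NOTE_NAME:
                note_dirs.append(dirpath)
            elif lower.endswith(RYUK_EXTENSION):
                encrypted_files += 1
    ratio = encrypted_files / total_files if total_files else 0.0
    return {
        "encrypted_files": encrypted_files,
        "total_files": total_files,
        "note_dirs": sorted(note_dirs),
        "ratio": ratio,
        # alert if a note is present or a large share of files was renamed
        "alert": bool(note_dirs) or ratio >= ALERT_RATIO,
    }


def build_sample_tree():
    """Constructed sample: one untouched directory and one hit by Ryuk."""
    root = tempfile.mkdtemp(prefix="ryuk_demo_")
    clean_dir = os.path.join(root, "hr")
    hit_dir = os.path.join(root, "finance")
    os.makedirs(clean_dir)
    os.makedirs(hit_dir)
    for name in ["policy.docx", "notes.txt"]:
        open(os.path.join(clean_dir, name), "w").close()
    for name in ["ledger.xlsx.RYK", "q3.pdf.RYK", "RyukReadMe.txt"]:
        open(os.path.join(hit_dir, name), "w").close()
    return root


if __name__ == "__main__":
    print(scan_for_ryuk_indicators(build_sample_tree()))
```

On a real share the same walk is cheap enough to run on a schedule, and the note-directory list tells responders which parts of the tree were reached.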
These kinds of ransomware attacks come in many forms and affect organisations all around the world. The healthcare industry in particular is a lucrative target for hackers, who take advantage of the fact that many hospitals rely on IT systems for daily management. In early 2016, US healthcare provider MedStar Health was a victim of the Samsam ransomware. Employees found that their systems were locked down, displaying a message from the hackers demanding payment of 45 bitcoin within 10 days, equivalent to US $19,000. MedStar Health chose not to pay the ransom, which meant that it had no access to its electronic management systems or patient data at any of its hospitals or outpatient clinics. This created significant patient safety risks, and many patients with life-threatening conditions had to be diverted to other hospitals for treatment. The hackers carried out this attack by exploiting vulnerabilities in an application server called JBoss. Even though these vulnerabilities had been discovered as early as 2010, MedStar Health had not patched its systems, which let the attackers exploit them easily.
Similar ransomware attacks using Ryuk have occurred recently in Australia, targeting health services in Victoria and crippling their operations. In October 2019, several regional Victorian hospitals lost access to their IT systems after a major ransomware attack. The information lost included patient data such as medical charts and histories, which disrupted critical medical services and delayed treatment. Even though several Victorian health services had been found earlier in the year to be highly vulnerable to cyberattacks, cybercriminals were still able to exploit these weaknesses and launch widespread attacks.
Many of these threats can be prevented by patching vulnerabilities and implementing stronger security controls to mitigate the risks. Additionally, organisations must be prepared for the worst-case scenario by creating backups of critical data and regularly testing that those backups can be restored. If you need any advice on creating the best security solution for your business, contact Gridware and we can help you.