Close this search box.

Preventing Ransomware; The Risks, Ryuk, and What You Need To Know


With ransomware attacks becoming more common in this digital age, many consumers and businesses alike are wondering how they can be protected against these threats. Ransomware is particularly dangerous because it can lock down systems and destroy necessary data. Because the attackers’ aim is to extort money from victims, some have no choice but to pay huge sums of money for any hope of recovery. In this case, prevention is better than the cure to avoid the risk of a ransomware attack occurring. 

The greatest ransomware threat in recent times is known as RyukRyuk made its first appearance in 2018 and is named after a character from the Japanese anime/manga Death Note. Interestingly, Ryuk usually isn’t directly downloaded to a device; instead, trojans such as Emotet and Trickbot infect a device, then download the ransomware Ryuk as an additional payload. These trojans typically infect devices through social engineering tactics, such as phishing emails that include a link to a malicious website or an infected email attachment.   

 This malware typically targets enterprise systems and can permeate throughout an entire corporate network. This can result in massive data loss and loss of productivity if an entire enterprise network is locked down and data is held for ransom. Once Ryuk infects a device and is active, it encrypts all files on the affected system with the .RYK extension. A ransom note is placed in each directory titled RyukReadMe.txt that demands payment in exchange for a decryption key to regain access to stolen data. Payment is requested in bitcoins which is popular among cybercriminals since these payments cannot be tracked and are fully anonymous. 

 These kinds of ransomware attacks come in many forms and affect organisations all around the world. The healthcare industry in particular is a lucrative target for hackers who take advantage of the fact that many hospitals rely on IT systems for daily management. In early 2016, US healthcare provider MedStar Health was a victim of the Samsam ransomware. Employees found that their systems were locked down, displaying a message from hackers demanding payment of 45 bitcoin within 10 days, equivalent to US $19,000. MedStar Health chose not to pay the ransom, which meant that they did not have access to their electronic management systems or patient data among any of their hospitals or outpatient clinics. As a result, this created significant patient safety risks and many patients with life-threatening conditions had to be diverted to other hospitals for treatment. Hackers were able to exploit vulnerabilities in an application server called JBoss to carry out this attack. Even though these vulnerabilities had been discovered as early as 2010, MedStar Health had not patched their systems which allowed attackers to easily exploit this.   

 Similar ransomware attacks using Ryuk have occurred recently in Australia, targeting health services in Victoria and crippling their operations. In October 2019, several regional Victorian hospitals had lost access to their IT systems after a major ransomware attack. Some of the information that was lost included patient data such as medical charts and histories, which disrupted critical medical services and delayed treatment. Even though earlier in the year several Victorian health services were found to be highly vulnerable to cyberattacks, cybercriminals were still able to exploit these risks and launch widespread attacks.  

 Many of these kinds of threats can be prevented by patching vulnerabilities and implementing stronger security controls to mitigate these risks. Additionally, organisations must be prepared for the worstcase scenario by creating backups of critical data and regularly testing these. If you need any advice on creating the best security solution for your business, contact Gridware and we can help you.  


Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →