Ryuk-Wielding Ransom Gang Has Talent, Cash
July 7, 2020
According to tech security specialist Joshua Platt, ransomware has evolved rapidly from extorting chump change to unlock PCs to holding companies hostage for millions of dollars. His firm has revealed how a criminal network gained access to a network and deployed Ryuk ransomware in the space of just two weeks, turning a small security breach into a lethal ransomware attack. It began with Trickbot malware, allowing hackers to peruse the data at their leisure and figure out how to make money with it. They use tools like PowerTrick and Cobalt Strike, searching for open ports they can access. Then they move to the ransomware phase of the attack. Ryuk, first seen in 2018, can remain inert in the target’s system for days, or even months, before being activated, allowing the hackers time to identify the most critical network systems. That delay is the only chance to stop the attack from being triggered, if the first infection can be discovered. According to the FBI, Ryuk ransomware generated about $61m in ransom between February 2018 and October 2019. That war chest means the extortionists who use it have the ability to hire more talent, and further hone their strategy.
Read full article at:
Share this post: