Ryuk Ransomware

How to Protect Your Organization from Ransomware Attacks

Ryuk is a type of ransomware that targets businesses and corporate environments. Ryuk enters victims’ systems and encrypts their data. The attackers demand payment in Bitcoin and instruct victims to deposit the ransom into a specific Bitcoin wallet in exchange for decrypting their information. A Russian hacker group named Wizard Spider has been responsible for the execution of Ryuk since August 2018. Since Ryuk’s appearance in 2018, threat actors have netted over 708.50 Bitcoins across more than 52 transactions, totaling over $3.7 million.

How does Ryuk work?

The malware enters a system when a victim clicks on a phishing email or clicks a pop-up ad with Ryuk embedded in it. A dropper is triggered, which examines the system’s architecture. The dropper then writes an executable that corresponds to the system, which begins the encryption process. Ryuk is preconfigured to inject malicious code into 40 processes and 180 services, including antivirus tools, databases, and backups.

How can I protect my organization from Ryuk?

Ryuk can be detrimental to any business or organization. Although prevention is key, it is important to know what steps to take in the event that your network is compromised.

1. Compose Annual Employee Security Training

Employees are often the weakest link in information security, so it is crucial that they are educated on cyber attack methods and risks. They should be able to identify phishing emails and be trained to avoid advertisements and illegitimate websites on their work machines.

2. Implement a Well-Written Disaster Recovery Plan and Business Continuity Plan

In the event that your organization is attacked, you should have procedures in place to continue with business processes. A necessary item to include in these plans is the data backup process: where the backup data is stored and how to retrieve it. Another important step is prioritizing the assets that are imperative to business functions.

3. Continuously Update

It is crucial to frequently update your antivirus software, firewalls, and operating systems to prevent an attacker from exploiting any security holes. Run routine security scans on all machines and perform regular Security Risk Assessments. Additionally, check that your Disaster Recovery Plan is updated frequently and working.
