Security News In Review: Ryuk Ransomware Gets a Makeover

In this week’s roundup, we discover new tactics of threat actors, ongoing cyberattacks, and (surprisingly) the new depths ransomware operators will travel in order to make their victims pay. Keep reading to learn about the latest developments in c…

Ryuk ransomware develops worm-like capabilities, France warns

A new sample of Ryuk ransomware appears to have worm-like capabilities, according to an analysis from the French National Agency for the Security of Information Systems (ANSSI), France’s national cybersecurity agency. With such worm-like self-replicating capabilities, Ryuk, one of the most prolific strains of ransomware in the world, can spread from machine to machine without any human interaction. The development presents only another challenge for security-minded researchers and law enforcement authorities already trying to grapple with the scourge of ransomware attacks pummeling international networks. Ryuk hackers have previously leveraged other methods to spread through the networks they target, and have not previously had the ability to move laterally in a network, according to previous research from the U.K.’s National Cyber Security Centre. ANSSI found the sample with the new capability earlier this year, the analysis states. The disclosure of the discovery comes weeks after law enforcement entities from multiple countries […]

The post Ryuk ransomware develops worm-like capabilities, France warns appeared first on CyberScoop.

Universal Health Services reports $67 million in losses after apparent ransomware attack

An apparent ransomware attack last fall caused $67 million in pre-tax losses at Universal Health Services, the U.S. health care provider has revealed, illustrating the sharp financial toll that criminal hackers have caused the sector during the pandemic. The Sept. 27 breach at Universal Health Services (UHS) was widely reported to be a ransomware attack, with some analysts saying it involved the Ryuk strain of malicious code. It came amid a wave of suspected Ryuk incidents at the computer networks of various U.S. hospitals that federal authorities scrambled to address. UHS, which oversees 400 hospitals and calls itself one of the biggest health care providers in the country, now says the cost of the breach included lost revenue because ambulances were diverted to competitor facilities. The incident also delayed billing procedures for more than two months, and forced UHS to spend big on labor costs to restore connectivity, the company […]

The post Universal Health Services reports $67 million in losses after apparent ransomware attack appeared first on CyberScoop.

Emotet, NetWalker and TrickBot have taken big blows, but will it be enough?

A trio of operations meant to disrupt ransomware outfits in recent months — two of which came to light this week — could have lasting impacts even if they stop short of ending the threat, security experts say. Researchers are still sizing up the effects of recent busts of the Emotet and NetWalker gangs, but those operations have the potential to be more potent than last fall’s maneuvers against the TrickBot ransomware. In research out Friday, Menlo Security — echoing similar conclusions from other cyber firms — said it saw signs of TrickBot recovering, but the rebound has amounted to just a “trickle.” U.S. Cyber Command and Microsoft had led separate efforts to disrupt the hacking infrastructure of TrickBot, a massive army of zombified computers. The fear was that the botnet could be used to carry out ransomware attacks afflicting the November elections. This week’s two operations might be more promising […]

The post Emotet, NetWalker and TrickBot have taken big blows, but will it be enough? appeared first on CyberScoop.

Four Steps to Mitigate Future Healthcare Cyberattacks

Healthcare institutions are on edge, and not for the reason you’d think. It’s not entirely because of stretched resources due to COVID-19. Instead, they fear the rising number of healthcare cyberattacks. By October 2020, Health and Human S…

Remote Work Increases Ransomware Attacks on K-12 Schools and Districts, FBI Warns

Earlier this week, the FBI released a security alert warning K-12 schools about the increased risk of ransomware attacks during the coronavirus crisis. Since the transition to online learning and remote work for teachers, K-12 schools have become a luc…

City of Cartersville Admits Paying Ryuk Ransomware Operators $380,000

Almost a year after getting infected with ransomware, the City of Cartersville in the U.S. State of Georgia this week admitted to paying ransomware operators $380,000 to unlock its systems. Cartersville reportedly got infected in early May last year wh…

DOD contractor Electronic Warfare Associates hit with Ryuk ransomware

Electronic Warfare Associates (EWA), a government contractor that works with the Department of Defense, Department of Justice, and Department of Homeland Security, has been hit with a ransomware attack, CyberScoop has learned. EWA’s CEO and president, Carl Guerreri, confirmed the infection in a Thursday interview with CyberScoop, but wouldn’t reveal further details. He declined to comment on how much of the company’s network was currently down, when the initial ransomware infection had taken place, what the initial infection vector was, or when EWA notified law enforcement. “I don’t want to give out any details for security reasons,” Guerreri told CyberScoop. “We’re coordinating with law enforcement.” The company was hit with Ryuk ransomware, according to security researchers who spoke with ZDNet, which first reported the infection. Guerreri doesn’t know how much money attackers are demanding, but said EWA has no plans to pay a ransom. “I had no intention of paying anything so I didn’t even […]

The post DOD contractor Electronic Warfare Associates hit with Ryuk ransomware appeared first on CyberScoop.

Researchers paint different portraits of hackers behind Ryuk ransomware

Analysts poring over the Ryuk ransomware are coming to different conclusions about the hackers responsible and the victims they’re targeting, highlighting the subjective side of cyberthreat studies. One thing, however, is clear: the infectious malware pays. Newly published research from McAfee and Coveware finds that the average ransom payment involving Ryuk is more than 10 times that of other types of ransomware. Some victims of Ryuk “either lost their data or took on staggering financial risk to pay the ransom,” the researchers wrote. In some cases, Ryuk’s purveyors took big payouts of over 100 bitcoin (nearly $400,000 at current rates), in others they were satisfied with squeezing smaller sums from the victims, the McAfee-Coveware report said. The research follows a January report from another company, CrowdStrike, saying that hackers had earned $3.7 million from Ryuk since the ransomware emerged in August. Victims have reportedly included a North Carolina water utility and multiple […]

The post Researchers paint different portraits of hackers behind Ryuk ransomware appeared first on CyberScoop.

Ryuk ransomware shows Russian criminal group is going big or going home

A criminal hacking group suspected of operating out of Russia has shifted tactics in recent months from wire fraud to targeting big organizations for ransomware payouts, according to new research. The change in tactics is exemplified by the infamous Ryuk ransomware, which cybersecurity company CrowdStrike said Thursday is being used by a subset of the Russian group to rake in $3.7 million since August. The trend in extorting bigger organizations “has been increasing in the last year and poses a significant challenge to enterprises and businesses,” Adam Meyers, vice president of intelligence at CrowdStrike, told CyberScoop. “We have observed numerous adversaries adopting this tactic and charging substantial fees to unlock data across the entire network.” Ryuk has surfaced in a number of cyber incidents in recent months. A North Carolina water utility said it was hit by the ransomware in October. Last month, Ryuk was reportedly used in an attack […]

The post Ryuk ransomware shows Russian criminal group is going big or going home appeared first on CyberScoop.
