Ryuk Ransomware – Still Netting CyberCriminals Payouts Through Attacks on Local Governments and Smaller Enterprises – So, What Should They Do?


Despite better security solutions now available to combat ransomware, old and new strains are still being used to great effect. The latest report from Bleeping Computer focuses on the “Ryuk” ransomware, which is being used by a group in Eastern Europe to attack municipalities in North America. Borrowing code from the previously seen “Hermes” malware, attributed to the North Korean hacker group Lazarus, the Ryuk strain is hitting smaller government offices, communities and enterprises quite successfully, and in this case, Jackson County ended up having to pay them USD$400,000.

There is a reason hackers are hitting these municipalities and smaller offices. The effects of these ransomware attacks can be enormous, especially for government organizations: they reduce activities to a crawl, wreak havoc on government services, and still cost the organizations a ransom in exchange for decryption keys. As noted in the article, Jackson County, Georgia was hit, forcing county offices to revert to paper to do their jobs, slowing operations to a snail’s pace.

Because the county did not have a backup system in place, it had two options: take a huge operational hit and be offline for a long period, spending money to rebuild its networks and hopefully incorporate a much-needed data backup policy and network security system, or pay the $400,000 ransom, which it ended up doing.

Unfortunately, Jackson County was not the only victim of this new Ryuk ransomware. Major newspapers in the US, whose printing and delivery were greatly affected by attacks in December of 2018, were also not immune. The list of those hit includes some major publications, such as the Wall Street Journal, New York Times, Los Angeles Times, Chicago Tribune and Baltimore Sun, to name a few.

However, Jackson County exemplifies the case of small organizations such as municipalities that continually have to cut costs, to the extent that resources are always scarce. The decision facing their CIOs is what sort of solutions could be put into place to battle these attacks and to ensure they will not be affected again.

Wedge’s position is that even if they had the resources to implement a proper data backup and maintenance program, these organizations need to put in place a real-time solution like Wedge Advanced Malware Blocker (WedgeAMB), where ransomware attacks could be detected and blocked before they have a chance to even enter the organizations’ networks. The reasoning is simple: ransomware’s approach today is to encrypt an organization’s resources, but it is easy to paint the picture that in the future, exfiltration of data OUTSIDE the organization is the next step of ransomware’s evolution. You heard it here first!

With its Deep Content Inspection technology, combined with AI algorithms and multiple malware databases, WedgeAMB can see the content in real time and block ANY content that is deemed malicious before it has a chance to do any damage. Having such a system in place would definitely have prevented attacks such as the ones perpetrated on Jackson County and the various newspapers.

So we argue that prevention could be the cure, instead of relying on detection and expensive remediation. Out of our civic responsibility to our municipalities out there, Wedge is offering its Wedge Advanced Malware Blocker FREE for 90 days. Email our team at info@wedgenetworks.com to see how your organization could benefit from a solution that can make ransomware attacks obsolete!

About Wedge Chief Scientist

Husam Kinawi, Chief Scientist

Dr. Kinawi has a PhD and MSc in Computer Science from the Universities of Calgary, Canada and London, UK. In 1997, he co-founded Mpower Technologies Inc., a wireless telecommunications software company. In 1999, Dr. Kinawi co-founded ActiveIq.com (NASDAQ: AIQT), a Boston-based e-Business applications firm. Dr. Kinawi has over seventeen years of research and development experience working with industry leaders such as Newbridge (Alcatel), Siemens, United Technologies, and Apple in the areas of distributed information systems, embedded applications and wireless Internet solutions. Dr. Kinawi has also spoken at several major conferences, published several research papers, and is the holder of several patents in the area of mobile and wireless devices.