Ransomware, Channel partners, Content, Content

Perch Security: Hackers Use Ryuk Ransomware to Collect $640K

Cybercriminals recently used Ryuk ransomware to collect at least $640,000 in Bitcoin from global organizations over a two-week span, according to master MSSP Perch Security.

Perch, backed by ConnectWise and Fishtech Group, develops various monitoring and early warning systems to help channel partners minimize security threats facing their end-customers.

Hackers launched a Ryuk ransomware campaign against global organizations in August, Perch indicated. They used network mapping, network compromise and credential theft in conjunction with Ryuk ransomware to encrypt victims' PCs and storage and data centers and demanded Bitcoin ransoms.

Ryuk is used "exclusively for tailored attacks," network and endpoint security software provider Check Point Software Technologies stated. It ensures that crucial assets and resources are infected in a targeted network; meanwhile, cybercriminals carry out the ransomware's infection and distribution.

During a Ryuk attack, the ransomware sweeps every drive and network across a victim's system, Check Point said. It then encrypts every system file and directory except for any file or directory that contains text from a hardcoded whitelist.

Cybercriminals have used multiple versions of ransom notes during Ryuk campaigns, according to Check Point. The highest recorded payment to date from a Ryuk attack was 50 Bitcoin (approximately $320,000), and other Ryuk attacks have resulted in ransom payments that range between 15 and 35 Bitcoin (up to $224,000).

How to Address Ryuk Ransomware Attacks

Cybercriminals have already used Ryuk to launch successful ransomware attacks against global organizations. As such, they likely will continue to use Ryuk to deploy ransomware attacks in the foreseeable future.

Perch offered the following recommendations to mitigate Ryuk ransomware attacks:

  • Use an intrusion detection system (IDS) to monitor all network communications.
  • Deploy email filtration technologies to identify malicious email attachments.
  • Leverage file integrity monitoring (FIM) tools to identify downloaded executables related to Ryuk and other ransomware attacks.
  • Use security monitoring tools.

The number of ransomware attacks tripled across all industries in 2017, according to artificial intelligence-based advanced threat prevention solutions provider Cylance. However, MSSPs can help organizations identify and address Ryuk and other ransomware attacks.

How Can MSSPs Help Organizations Address Ransomware Attacks?

MSSPs can help organizations address ransomware attacks and other cyber threats in several ways, including:

  • Develop and launch an employee training program. Help an organization develop and launch a cybersecurity training program that teaches its employees how to identify cyber threats and limit their impact.
  • Safeguard critical data against insider threats. Offer data security and identity and access management (IAM) solutions to help an organization protect its sensitive data and manage user access.
  • Provide threat intelligence. Deliver threat intelligence in conjunction with unstructured data from blogs, websites and other relevant sources to help an organization evaluate security incidents. 
  • Implement an incident response plan. Help an organization create and deploy an incident response plan and update this strategy regularly.

MSSPs can help organizations minimize the risks associated with ransomware and other cyber threats. By doing so, they could increase their revenues and accelerate their growth.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.