Cybercriminals are using Ryuk ransomware to target global organizations, according to a National Cyber Security Centre (NCSC) warning. In addition, NCSC is currently investigating Ryuk campaigns, the United Kingdom-based organization said.
Ryuk was initially discovered in August 2018. The ransomware generally goes undetected for days or months after an initial infection, which enables the threat actor to identify and attack an organization's critical network systems.
Hackers recently used Ryuk to infect a data center system owned and operated by cloud services provider (CSP) CloudJumper. Furthermore, cybercriminals in December launched Ryuk attacks across servers from California MSP Data Resolution.
How Can Organizations Combat Ryuk Attacks?
Cybercriminals have used Ryuk attacks to collect at least $640,000 in Bitcoin from global organizations, master MSSP Perch Security indicated. However, organizations that plan ahead for Ryuk are better equipped than ever before to identify and prevent ransomware attacks.
NCSC offers a variety of tips to help organizations combat Ryuk attacks, including:
- Use the latest versions of software.
- Apply security patches regularly.
- Use antivirus solutions and scan networks to guard against known malware threats.
- Whitelist applications.
- Leverage security monitoring tools.
- Review and update incident management processes to keep pace with evolving cyber threats.
- Deploy multi-factor authentication tools.
- Utilize anti-phishing solutions.
MSSPs also can help organizations identify and address Ryuk attacks. By offering threat monitoring and remediation, managed detection and response (MDR) and other proactive managed security services, MSSPs can protect organizations against ransomware and other cyber threats.