There's an Increase in Ryuk Ransomware Attacks

CERT NZ has advised the public that they are aware of a spike in Ryuk ransomware attacks in the United States. These attacks are encrypting the systems of numerous organisations in the health care sector, and demanding ransoms, averaging over USD$100,000 to be paid in bitcoin for the decryption of information.

While this campaign is currently affecting organisations based in the United States, CERT NZ has begun to encourage New Zealand organisations to make sure they have the protections in place to help protect against an attack.

How to tell if you're at risk

Currently Ryuk is affecting international organisations in the health care sector, however anyone can be targeted by Ryuk, including individuals, businesses and large organisations. The attack is targeting computers, networks and servers that have been infected with Emotet or Trickbot.

CERT NZ has advised there are three main ways these attacks are taking place.

1. Through a previous Emotet or Trickbot infection.
2. Through email attachments that deploy Ryuk ransomware directly
3. Through remote desktop (RDP) access, an attacker can install and execute Ryuk directly on the target machine or wider network.

How to tell if you're affected

The impacts of Ryuk are immediate. If you are affected:

• You will not be able to access any of the files on your computer.
• There will be a new file on your desktop titled ‘RyukReadMe.txt’ or similar, containing the ransom demands.

Not a ready as you expected?

The expert team at Cybercraft works with businesses to define and implement a programme ideally suited to your organisation. Taking industry standards as a baseline, we enable your business to flourish in an integrated but volatile cyber environment.

Find out more about how you can understand, manage and reduce the risks of technology and user behaviours inside your business by reviewing our Cyber Resilience services.