
27 Oct 2020

There's an Increase in Ryuk Ransomware Attacks

CERT NZ warns New Zealand businesses to be prepared for a Ryuk ransomware attack. Here's what you need to know.


CERT NZ has advised the public that it is aware of a spike in Ryuk ransomware attacks in the United States. These attacks are encrypting the systems of numerous organisations in the health care sector and demanding ransoms, averaging over USD$100,000, to be paid in bitcoin for the decryption of information.

While this campaign is currently affecting organisations based in the United States, CERT NZ has begun to encourage New Zealand organisations to make sure they have the protections in place to help protect against an attack.

How to tell if you're at risk

Currently Ryuk is affecting international organisations in the health care sector; however, anyone can be targeted by Ryuk, including individuals, businesses and large organisations. The attack is targeting computers, networks and servers that have been infected with Emotet or Trickbot.

CERT NZ has advised there are three main ways these attacks are taking place.

  1. Through a previous Emotet or Trickbot infection.
  2. Through email attachments that deploy Ryuk ransomware directly.
  3. Through remote desktop (RDP) access, an attacker can install and execute Ryuk directly on the target machine or wider network.

How to tell if you're affected

The impacts of Ryuk are immediate. If you are affected:

  • You will not be able to access any of the files on your computer.
  • There will be a new file on your desktop titled ‘RyukReadMe.txt’ or similar, containing the ransom demands.
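
For responders who need to check many user profiles or a mounted disk image for the ransom note described above, the following is an added example (not from CERT NZ or the original article). It sweeps a directory tree for note-like files and reports the affected folders and the oldest note's timestamp. The name pattern, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from datetime import datetime, timezone

# Assumption: the article names 'RyukReadMe.txt' "or similar", so match that
# stem case-insensitively with any (or no) extension.
NOTE_PATTERN = re.compile(r"^ryukreadme(\.[a-z0-9]+)?$", re.IGNORECASE)


def find_ransom_notes(root):
    """Return [(path, mtime)] for note-like files under root, oldest first."""
    hits = []
    for folder, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        for name in files:
            if NOTE_PATTERN.match(name):
                full = os.path.join(folder, name)
                try:
                    hits.append((full, os.path.getmtime(full)))
                except OSError:
                    continue  # file vanished or is unreadable
    return sorted(hits, key=lambda h: h[1])


def summarise(hits):
    """Count, affected folders, and the oldest note's timestamp in UTC."""
    if not hits:
        return {"count": 0, "folders": [], "first_seen_utc": None}
    first = datetime.fromtimestamp(hits[0][1], tz=timezone.utc)
    folders = sorted({os.path.dirname(p) for p, _ in hits})
    return {"count": len(hits), "folders": folders,
            "first_seen_utc": first.isoformat()}


def build_sample_tree(base):
    """Constructed sample data: two profiles, one containing note files."""
    samples = {  # relative path -> constructed mtime (epoch seconds)
        "alice/Desktop/RyukReadMe.txt": 1603756800,
        "alice/Documents/RYUKREADME.html": 1603756860,
        "bob/Desktop/readme.txt": 1603700000,
    }
    for rel, mtime in samples.items():
        full = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("constructed sample file\n")
        os.utime(full, (mtime, mtime))
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(summarise(find_ransom_notes(build_sample_tree(tmp))))
```

Treat the oldest timestamp only as a rough triage hint for when notes first appeared; it assumes file times on the affected system have not been altered.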

What to do?

As there are multiple ways a Ryuk ransomware infection can occur, CERT NZ recommends you take the following measures:

  • Make sure you have an anti-virus solution installed and kept up to date with detection signatures.
  • Run an email-filtering solution to quarantine or reject suspicious attachments.
  • Mandate the use of strong, unique passwords.
  • Implement multi-factor authentication for account access where possible.
  • Implement application whitelisting.
  • Keep systems up-to-date with patches.
  • Disable any unnecessary remote access capabilities (such as RDP).
  • Maintain an offline backup of your systems.

Not as ready as you expected?

The expert team at Cybercraft works with businesses to define and implement a programme ideally suited to your organisation. Taking industry standards as a baseline, we enable your business to flourish in an integrated but volatile cyber environment.

Find out more about how you can understand, manage and reduce the risks of technology and user behaviours inside your business by reviewing our Cyber Resilience services.
