blog

New Ryuk Ransomware Function Spreads Across Networks Quickly

Written by Securafy Team | Mar 27, 2021 3:00:00 PM

In terms of ransoms paid, Ryuk is the most successful strain of ransomware in use today, having netted an estimated $150 million for the group behind the malicious code.

According to a recent report published by France's national cybersecurity agency, it just got even more dangerous.

Ryuk has historically been used preferentially against hospitals and companies closely related to the healthcare industry, which is especially malicious during the ongoing pandemic. With its newly discovered capabilities, hospitals around the world are in even more danger.

French IT security professionals discovered a new module added to the core code. It gives the malware worm-like capabilities that enable it to self-replicate across any machine on the same network as an infected device. This allows the latest version of Ryuk to spread like wildfire across any network it can infect at a single point, making it virtually impossible to stop, once it gains a foothold.

If there's a silver lining, it lies in the fact that hospitals have gotten significantly better at ensuring their backups are robust and taken at regular intervals. Even so, if a hospital network gets shut down because most of the computers on it have their files encrypted, it can put lives at risk in a way that a manufacturing plant or companies in the financial sector simply don't. That makes the risks, and the stakes, even higher.

In a majority of cases, the initial Ryuk infection comes about when the hackers controlling it take advantage of unpatched system vulnerabilities. This is perhaps another silver lining, because that, at least, is something IT managers can control. The lesson here is simple: If you stay current where installing patches and security updates are concerned, you're less likely to fall victim to a Ryuk attack. It's not perfect protection, obviously, but anything that's easy and inexpensive to do that reduces your risk is well worth doing. The question then, is simply this: Is your network running all the latest security patches? If you're not sure, make finding out a priority.