What Is Ryuk Ransomware?

Every ransomware variant pursues the same goals. However, each one differs in how it is deployed and how it affects the device in question.

Ryuk ransomware is a notorious family of threats that's been prevalent since 2018.

So what is Ryuk ransomware? Who's most at risk? And how can you protect yourself against it?

What Is Ryuk Ransomware?

Ryuk signifies a Japanese name associated with the manga series, Death Note. It means “gift of God.”

Just like every other ransomware, it locks files and holds them hostage for a ransom. However, Ryuk ransomware focuses on encrypting only essential files, which makes it harder to detect. It also has the ability to search for any network drives and encrypt them.

In some cases, it has evolved to have worm-like characteristics to spread from one system to another.

Unlike some ransomware types, Ryuk was not developed from scratch. It was adapted from Hermes ransomware, which was sold on the black market.

It is believed that a Russian crime organization, WIZARD SPIDER, is responsible for the operation. While they were already known for their fraud attacks, the ransomware helped them get greater rewards.

How Does It Work?

Ryuk ransomware commonly spreads through phishing emails. You get an email with a Microsoft document tailored to download Emotet malware when you open it.

Once your computer is infected, it downloads another piece of malware, TrickBot, which acts as spyware that steals admin credentials. When the attacker has the credentials, they encrypt the essential files separately.

The ransomware then deletes any backup files and shadow copies across the entire network. Ryuk does not stop at backup storage: it also terminates processes, including antivirus software and other essential services.

That means you probably won't be able to use Windows restoration points to undo the damage done by the ransomware. It uses a .BAT file to prevent the infected system from recovering. And, once infected, the encrypted files can be identified by .ryk or .rycrypted file extensions.
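The two file extensions named above give defenders a simple triage signal. The following is an added example, not code from this article: it flags hosts where several files with those extensions appear within a short window. The event format, host names, paths, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Extensions the article names for Ryuk-encrypted files.
RYUK_EXTENSIONS = {".ryk", ".rycrypted"}

def is_ryuk_marked(path: str) -> bool:
    """True if the final extension matches, ignoring case (Windows paths)."""
    return PureWindowsPath(path).suffix.lower() in RYUK_EXTENSIONS

def find_encryption_bursts(events, window=timedelta(seconds=60), threshold=3):
    """Return {host: alert time} for hosts where at least `threshold` marked
    files appear within `window`. Each event is (iso_time, host, path)."""
    recent = defaultdict(deque)  # host -> timestamps of marked files in window
    alerts = {}
    for iso_time, host, path in sorted(events):
        if host in alerts or not is_ryuk_marked(path):
            continue
        ts = datetime.fromisoformat(iso_time)
        seen = recent[host]
        seen.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold:
            alerts[host] = ts
    return alerts

# Constructed sample file-creation events (hypothetical hosts and paths).
SAMPLE_EVENTS = [
    ("2021-03-01T10:00:00", "FS01", r"\\FS01\finance\q1.xlsx.ryk"),
    ("2021-03-01T10:00:05", "FS01", r"\\FS01\finance\q2.xlsx.RYK"),
    ("2021-03-01T10:00:09", "WS07", r"C:\Users\ann\notes.docx"),
    ("2021-03-01T10:00:20", "FS01", r"\\FS01\hr\staff.docx.rycrypted"),
    ("2021-03-01T10:05:00", "WS07", r"C:\Users\ann\old.ryk"),
    ("2021-03-01T10:30:00", "WS07", r"C:\Users\ann\plan.pdf.ryk"),
]

if __name__ == "__main__":
    for host, when in find_encryption_bursts(SAMPLE_EVENTS).items():
        print(f"{host}: burst of Ryuk-marked files at {when.isoformat()}")
```

In the sample, only FS01 crosses the threshold; the two isolated matches on WS07 are too far apart to count as a burst.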

Who Does Ryuk Target?

Considering that it is not traditional ransomware but instead solely targets essential files, it focuses on high-profile organizations.

In fact, it is the second biggest ransomware attack targeting the health sector.

To get the maximum ransom possible, the attackers focus on organizations that have critical data.

How to Stay Safe From Ryuk Ransomware

Common ransomware protection tips should apply here, but you may want to keep some specific things in mind.

The priority will be to watch out for phishing emails. If you want to explore more, you should check the different phishing attacks to know what to expect.

Once you've done that, ensure that you keep your system updated and enforce two-factor authentication wherever possible.

Of course, keeping regular backups of your data is important. With backups, you at least do not have to pay a ransom, so the impact of the ransomware attack should be minimal.

How to Recover From Ryuk Ransomware

You can only try recovering the data in safe mode or with the help of some malware protection tools. But it is a time-consuming process. Some technical expertise is needed to recover your critical data.

Considering that it also affects the connected devices, you will have to clean every computer and make sure it does not hit you again when you reconnect the affected network.

So, unless you have a backup of your data, it may not be worth the time invested. Standing up against ransomware sends a strong message, but it's down to the individual business to assess whether it's worth losing critical systems and data.

Ryuk Ransomware Is Constantly Evolving

Ryuk ransomware could be harder to detect or remove in time. So it is best to avoid falling victim in the first place.

If you are a business, you should be looking at a reputable endpoint security solution. And, if you are an individual, following basic safe browsing tips should go a long way.
