• Services
    • [Tabs]
      • Application Security
        • [Column]
          • SERVICES
          • Web Application Penetration Testing
          • Mobile Application Pentesting
          • Web Services & API Assessment
          • Secure Code Review
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
      • Network Security
        • [Column]
          • SERVICES
          • Network Vulnerability Assessment and Penetration Testing
          • VoIP Vulnerability Assessment & Penetration Testing
          • Wireless Penetration Testing
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
      • Cloud Security
        • [Column]
          • SERVICES
          • Cloud Auditing & Hardening for AWS
          • Cloud Auditing & Hardening for Azure
          • Cloud Auditing & Hardening for GCP
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
      • Threat Simulation
        • [Column]
          • SERVICES
          • Red Team Assessment
          • Red Team VS Blue Team
          • Social Engineering Assessment
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
      • Container Security
        • [Column]
          • SERVICES
          • Docker CIS Benchmark Hardening
          • Container Vulnerability Assessment
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
      • Compliance
        • [Column]
          • SERVICES
          • ISO 27001 Auditing
          • PCI DSS Prepardness
          • HIPAA Auditing
        • [Column]
          • RESOURCES
          • [Dynamic Posts]
  • Solutions
    • [Column]
      • ENTERPRISE SECURITY
      • Managed Security
      • DEVSECOPS SOLUTIONS
      • Continuous Secrets Monitoring
      • Continuous Container Security
      • Continuous Application Security
      • Continuous Cloud Monitoring
    • [Column]
      • RESOURCE
      • [Dynamic Posts]
  • Products
    • AppDagger
    • Strobes
  • Resources
    • Blog
    • Datasheets
    • Case Studies
    • Whitepapers
    • Podcasts
  • Company
    • [Tabs]
      • About
        • [Column]
          • Journey Timeline
          • timeline-image
        • [Column]
          • Mission,Vision, Values
          • mission-vision-image
      • Media
        • [Column]
          • Media title
        • [Column]
          • Media Image
      • Partners
        • [Column]
          • Partners title
        • [Column]
          • Partners Image
      • Careers
        • [Column]
          • Careers title
        • [Column]
          • Careers Image
  • Careers
  • Company
    • About us
    • Partners
Menu
  • Services
      • Application Security
          • SERVICES
          • applicationWeb Application Penetration Testing
          • mobile_phoneMobile Application Pentesting
          • touchWeb Services & API Assessment
          • code-syntaxSecure Code Review
          • RESOURCES
          • new-blog-post-–-11 The Return of Ryuk Ransomware
      • Network Security
          • SERVICES
          • network-1Network Vulnerability Assessment and Penetration Testing
          • telephone (1)VoIP Vulnerability Assessment & Penetration Testing
          • wireless_modem (1)Wireless Penetration Testing
          • RESOURCES
          • Web-1920-–-7 Keep Your Organization Safe From Office 365 Cyberattacks
      • Cloud Security
          • SERVICES
          • AWS-2Cloud Auditing & Hardening for AWS
          • Union-5Cloud Auditing & Hardening for Azure
          • AwsCloud Auditing & Hardening for GCP
          • RESOURCES
          • Web-1920-–-14-1536×864 3 Clear Warnings To Tell If You’re Breached
      • Threat Simulation
          • SERVICES
          • global-securityRed Team Assessment
          • firewall-1Red Team VS Blue Team
          • insights-1Social Engineering Assessment
          • RESOURCES
          • Web 1920 – 9Exploiting UN-attended Web Servers To Get Domain Admin – Red Teaming
      • Container Security
          • SERVICES
          • dockerDocker CIS Benchmark Hardening
          • constructContainer Vulnerability Assessment
          • RESOURCES
          • Web-1920-–-11 Top 7 cyber security measures that enterprises shouldn’t neglect
      • Compliance
          • SERVICES
          • global–strategyISO 27001 Auditing
          • global_finance_sterlingPCI DSS Prepardness
          • medical_1_ (1)HIPAA Auditing
          • RESOURCES
          • newPersistent XSS to Steal Passwords – Paypal
  • Solutions
      • ENTERPRISE SECURITY
      • secure–data (1) (1)Managed Security
      • DEVSECOPS SOLUTIONS
      • Secrets MonitoringContinuous Secrets Monitoring
      • Container ScanningContinuous Container Security
      • Application SecurityContinuous Application Security
      • Cloud MonitoringContinuous Cloud Monitoring
      • RESOURCE
      • Blog-background-1536×864 Why Startups Need CyberSecurity
  • Products
    • AppDagger
    • Strobes
  • Resources
    • Blog
    • Datasheets
    • Case Studies
    • Whitepapers
    • Podcasts
  • Careers
  • Company
    • About us
    • Partners
Contact

Schedule a Meeting
  • Services
    • Application Security
      • Web Application Penetration Testing
      • Mobile Application Pentesting
      • Web Services & API Assessment
      • Secure Code Review
    • Network Security
      • Network Vulnerability Assessment and Penetration Testing
      • VoIP Vulnerability Assessment & Penetration Testing
      • Wireless Penetration Testing
    • Cloud Security
      • Cloud Auditing & Hardening for AWS
      • Cloud Auditing & Hardening for Azure
      • Cloud Auditing & Hardening for GCP
    • Threat Simulation
      • Red Team Assessment
      • Red Vs Blue Team
      • Social Engineering
    • Container Security
      • Docker CIS Benchmark Hardening
      • Container Vulnerability Assessment
    • Compliance
      • ISO 27001 Auditing
      • PCI DSS Prepardness
      • HIPAA Auditing
  • Solutions
    • Enterprise Security
      • Managed Security Solutions
    • Devsecops Solutions
      • Continuous Secrets Monitoring
      • Continuous Container Security
      • Continuous Application Security
      • Continuous Cloud Monitoring
  • Products
    • AppDagger
    • Strobes
  • Resources
    • Blog
    • Datasheets
    • Case studies
    • White Papers
    • Podcasts
  • Careers
  • Company
    • About us
    • Partners
  • Contact
Menu
  • Services
    • Application Security
      • Web Application Penetration Testing
      • Mobile Application Pentesting
      • Web Services & API Assessment
      • Secure Code Review
    • Network Security
      • Network Vulnerability Assessment and Penetration Testing
      • VoIP Vulnerability Assessment & Penetration Testing
      • Wireless Penetration Testing
    • Cloud Security
      • Cloud Auditing & Hardening for AWS
      • Cloud Auditing & Hardening for Azure
      • Cloud Auditing & Hardening for GCP
    • Threat Simulation
      • Red Team Assessment
      • Red Vs Blue Team
      • Social Engineering
    • Container Security
      • Docker CIS Benchmark Hardening
      • Container Vulnerability Assessment
    • Compliance
      • ISO 27001 Auditing
      • PCI DSS Prepardness
      • HIPAA Auditing
  • Solutions
    • Enterprise Security
      • Managed Security Solutions
    • Devsecops Solutions
      • Continuous Secrets Monitoring
      • Continuous Container Security
      • Continuous Application Security
      • Continuous Cloud Monitoring
  • Products
    • AppDagger
    • Strobes
  • Resources
    • Blog
    • Datasheets
    • Case studies
    • White Papers
    • Podcasts
  • Careers
  • Company
    • About us
    • Partners
  • Contact
Menu
  • Services
      • Application Security
          • SERVICES
          • applicationWeb Application Penetration Testing
          • mobile_phoneMobile Application Pentesting
          • touchWeb Services & API Assessment
          • code-syntaxSecure Code Review
          • RESOURCES
          • new-blog-post-–-11 The Return of Ryuk Ransomware
      • Network Security
          • SERVICES
          • network-1Network Vulnerability Assessment and Penetration Testing
          • telephone (1)VoIP Vulnerability Assessment & Penetration Testing
          • wireless_modem (1)Wireless Penetration Testing
          • RESOURCES
          • Web-1920-–-7 Keep Your Organization Safe From Office 365 Cyberattacks
      • Cloud Security
          • SERVICES
          • AWS-2Cloud Auditing & Hardening for AWS
          • Union-5Cloud Auditing & Hardening for Azure
          • AwsCloud Auditing & Hardening for GCP
          • RESOURCES
          • Web-1920-–-14-1536×864 3 Clear Warnings To Tell If You’re Breached
      • Threat Simulation
          • SERVICES
          • global-securityRed Team Assessment
          • firewall-1Red Team VS Blue Team
          • insights-1Social Engineering Assessment
          • RESOURCES
          • Web 1920 – 9Exploiting UN-attended Web Servers To Get Domain Admin – Red Teaming
      • Container Security
          • SERVICES
          • dockerDocker CIS Benchmark Hardening
          • constructContainer Vulnerability Assessment
          • RESOURCES
          • Web-1920-–-11 Top 7 cyber security measures that enterprises shouldn’t neglect
      • Compliance
          • SERVICES
          • global–strategyISO 27001 Auditing
          • global_finance_sterlingPCI DSS Prepardness
          • medical_1_ (1)HIPAA Auditing
          • RESOURCES
          • newPersistent XSS to Steal Passwords – Paypal
  • Solutions
      • ENTERPRISE SECURITY
      • secure–data (1) (1)Managed Security
      • DEVSECOPS SOLUTIONS
      • Secrets MonitoringContinuous Secrets Monitoring
      • Container ScanningContinuous Container Security
      • Application SecurityContinuous Application Security
      • Cloud MonitoringContinuous Cloud Monitoring
      • RESOURCE
      • Blog-background-1536×864 Why Startups Need CyberSecurity
  • Products
    • AppDagger
    • Strobes
  • Resources
    • Blog
    • Datasheets
    • Case Studies
    • Whitepapers
    • Podcasts
  • Careers
  • Company
    • About us
    • Partners
Contact
Schedule a Meeting
  • Services
    • Application Security
      • Web Application Penetration Testing
      • Mobile Application Pentesting
      • Web Services & API Assessment
      • Secure Code Review
    • Network Security
      • Network Vulnerability Assessment and Penetration Testing
      • VoIP Vulnerability Assessment & Penetration Testing
      • Wireless Penetration Testing
    • Cloud Security
      • Cloud Auditing & Hardening for AWS
      • Cloud Auditing & Hardening for Azure
      • Cloud Auditing & Hardening for GCP
    • Threat Simulation
      • Red Team Assessment
      • Red Vs Blue Team
      • Social Engineering
    • Container Security
      • Docker CIS Benchmark Hardening
      • Container Vulnerability Assessment
    • Compliance
      • ISO 27001 Auditing
      • PCI DSS Prepardness
      • HIPAA Auditing
  • Solutions
    • Enterprise Security
      • Managed Security Solutions
    • Devsecops Solutions
      • Continuous Secrets Monitoring
      • Continuous Container Security
      • Continuous Application Security
      • Continuous Cloud Monitoring
  • Products
    • AppDagger
    • Strobes
  • Resources
    • Blog
    • Datasheets
    • Case studies
    • White Papers
    • Podcasts
  • Careers
  • Company
    • About us
    • Partners
  • Contact
Menu
  • Services
    • Application Security
      • Web Application Penetration Testing
      • Mobile Application Pentesting
      • Web Services & API Assessment
      • Secure Code Review
    • Network Security
      • Network Vulnerability Assessment and Penetration Testing
      • VoIP Vulnerability Assessment & Penetration Testing
      • Wireless Penetration Testing
    • Cloud Security
      • Cloud Auditing & Hardening for AWS
      • Cloud Auditing & Hardening for Azure
      • Cloud Auditing & Hardening for GCP
    • Threat Simulation
      • Red Team Assessment
      • Red Vs Blue Team
      • Social Engineering
    • Container Security
      • Docker CIS Benchmark Hardening
      • Container Vulnerability Assessment
    • Compliance
      • ISO 27001 Auditing
      • PCI DSS Prepardness
      • HIPAA Auditing
  • Solutions
    • Enterprise Security
      • Managed Security Solutions
    • Devsecops Solutions
      • Continuous Secrets Monitoring
      • Continuous Container Security
      • Continuous Application Security
      • Continuous Cloud Monitoring
  • Products
    • AppDagger
    • Strobes
  • Resources
    • Blog
    • Datasheets
    • Case studies
    • White Papers
    • Podcasts
  • Careers
  • Company
    • About us
    • Partners
  • Contact
Awareness  ·  Blog  ·  Cyber Security

The Return of Ryuk Ransomware

By Supriya  Published On December 24, 2020

After a long respite, Ryuk is back with its new strategies and tools. First spotted in August 2018, the Ryuk gang gained infamy in 2019. They demanded multi-million dollars ransoms from hospitals, local governments and companies. Based on the investigation done by Federal Bureau of investigation the ransomware pulled over $6 million just in the United States. There was a conjecture that the Ryuk actors had moved on to a re-branded version of the ransomware, termed as “Conti”. Ryuk was back with some trivial modifications, but also demonstrated an evolution of the tools used to confront targeted networks and deploy the ransomware.

The attack was also remarkable because of its rapid movement from initial compromise to ransomware deployment. Within a span of three and a half hours of a victim opening a phishing email attachment, invaders were already conducting network exploration. In a day’s time they had gained access to a domain controller, and were in the early phase of attempting to deploy the ransomware.

The invaders were consistent as well. When the launch attempts failed, the Ryuk actors made multiple attempts to install new ransomware and malware, which included renewed phishing attempts to re-establish a foothold. Before the conclusion of the attack, over 90 servers and other systems were already a part of the attack, though the ransomware was blocked from full execution.

Ryuk Ransomware—Healthcare’s Biggest Instigator 

Healthcare organizations have been gallantly fighting to save lives since the COVID-19 pandemic began, but they also had to shift their focus to another type of virus attack. From March 2020, healthcare organizations in the United States were hit with multiple cyber attacks from threat actors who planned to make the most of any vulnerability in these systems. The hottest to join the ranks of healthcare network threats is Ryuk, a ransomware that has maltreated various medical organizations since September 2020.

What is Ryuk Ransomware?

Similar to most ransomware attacks, Ryuk penetrates networks and encrypts critical files while the cyber criminals behind the deployment demand payoff from the host in trade for a decryption key. Ryuk was first exposed in 2018 and ever since it has been successfully demanding payoffs to the tune of millions from various hospitals, local governments and private enterprises. It is chiefly believed that Ryuk is based on an older ransomware program termed as “Hermes” and is driven by a Russian speaking cyber criminal group.

How does Ryuk attack Healthcare organizations?

Various threat detecting agencies have identified that like most ransomware, Ryuk also uses phishing emails to gain entry to the networks. The emails are spoofed which makes the recipient believe it is from a trusted source. Once the email attachment is opened either a Trickbot or a Trojan is introduced into the host system. From here, the virus gathers admin credentials, allowing invaders to move across the network to find vital assets. Once the attackers gain access to the high-valued assets in the network, Ryuk is executed to encrypt the critical assets and then a ransom payment demand in Bitcoin is made.

How can we prevent Ryuk Ransomware Attacks?

With the increase in cyber attacks on healthcare organizations and hospitals during the COVID-19 pandemic, it is extremely crucial to take proactive security measures to prevent major disruptions that can put patients’ lives on stake.

The following steps can help prevent the spreading of the ransomware if they are a victim of it:

  1. Implementing Cyber Hygiene
  2. Introducing Endpoint Protection
  3. Micro Segmentation
  4. Zero Trust Security

1. Implementing Cyber Hygiene:

Cyber criminals are very well aware that people are the weakest link in the security chain, hence phishing emails are the most preferred mode of entry into a secured system. The most basic step is to educate medical staff to identify suspicious emails and tell them to not click emails or attachment from unknown sources. This can help organizations from being hacked.

2. Introducing Endpoint Protection:

Though installing basic antivirus is a bare-minimum security measure, it cannot stop complicated malwares from exploiting system vulnerabilities. It is extremely crucial to lockdown endpoints by using configurable security rules by forcing blacklisting and whitelisting. This will help ensure the execution of only deemed safe files and applications. Rest all applications that are suspicious or unknown are thus prevented from executing which includes ransomware, zero-day attacks and malware.

3. Micro Segmentation

These ransomware attacks are only triggered when the cyber criminals gain access to high-value healthcare assets like Protected Health Information (PHI).In order to achieve this they move across the network, exploring for firewall vulnerabilities and open ports. If Micro – segmentation is implemented hospitals can segment and isolate vital assets and applications. After the segments are defined, granular access controls can be used to grant only authorized users to access their applications. With Micro-segmentation one can avoid both unauthorized access and lateral movement from compromised systems.

4. Zero Trust Security

This cyber security approach uses the least privilege principle. Zero Trust security uses preset trust parameters to ensure high level security. Any application, user or device is verified based on these preset parameters to gain access. If the requester fails to go through any of these parameters, access is denied and the request is deemed unauthorized or suspicious. Zero Trust security can help identify cyber criminals at an early stage.

As the world fights against a unique health crisis, the medical sector is playing the biggest role on the front lines of this pandemic. There have been ruthless criminals who are taking advantage of the vulnerable health facilities. But if medical organizations invest in easy to deploy security solutions, they can continue to focus on their main goal: save lives.


Leave A Reply Cancel reply

Your email address will not be published. Required fields are marked *

*

*

Pro-active Cyber Security Vs Re-active Cyber Security. Which One Are You?
Previous Article
Essential compliance for a secure WFH model
Next Article

Industries

BFSI

Healthcare

Government

Retail & eCommerce

Information Technology

Telecommunications

Services

Application Security

Network Security

Cloud Security

Container Security

Threat Simulation

Compliance & Auditing

Solutions

DevSecOps

Managed Security

products

Strobes

AppDagger

Resources

Blog

Datasheets

Case studies

White papers

Podcasts

Company

About

Partners

Careers

Testimonials

Contact

Industries

Banking

Healthcare

Government

Retail

Technology

Telecommunications

Services

Application Security

Network Security

Cloud Security

Container Security

Threat Simulation

Compliance & Auditing

CMS Security

Solutions

DevSecOps

Managed Security

Secret Monitoring

Incident Response

Remote SOC

Products

Strobes

For CXOs

For SecOps

For Dev & IT

appdagger

SAST

DAST

Resources

Blog

Datasheets

Case studies

White papers

Podcasts

Webinars

Company

About

Media Partners

Awards

Partners

Careers

Testimonials

Contact

© 2021 WeSecureApp. All rights reserved.

logo--facebook
logo--instagram
logo--linkedin
logo--twitter

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

Appdagger Case Study

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Talk to our Delivery Head

Case Study Form
Enter the Captcha

Get Started!

Case Study Form

Strobes Case Study

Case Study Form
Enter the Captcha

Mobile app security report

Case Study Form
Enter the Captcha

Devsecops Datasheet

Datasheet Form
Enter the Captcha

Compliance & Auditing

Datasheet Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Partner with us today!

WSA_partners_with_us

Partners Brochure

WSA_partners_brochure

Enterprise Security

Datasheet Form
Enter the Captcha

Container Security

Datasheet Form
Enter the Captcha

Cloud Security

Datasheet Form
Enter the Captcha

Explore Our Work

WSA_explore_our_work
Enter the Captcha

Red Team Assessment

Datasheet Form
Enter the Captcha

Network VAPT

Datasheet Form
Enter the Captcha

Application VAPT

Datasheet Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

By failing to prepare, you are preparing to fail

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Take a peek into sample report

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha

Get Started!

Case Study Form
Enter the Captcha
navy_bubble.png
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok