The Healthcare Cybersecurity Communications and Integration Center (HCCIC) of the US Department of Health and Human Services (HHS) has recently issued an alert about the mounting activity of a new ransomware family. The strain in question is Ryuk ransomware, which is quite similar to SamSam in how it is distributed and how it encrypts data.
It is important to mention that Ryuk is not built on an advanced technological platform. It has gained its notoriety instead through pinpoint targeting and planning that ensure the targeted users are hit hard. For instance, after it finishes encrypting the files stored on the affected device, the strain automatically deletes its encryption key so that ransomware removal experts cannot recover it through reverse engineering and build a decrypter. In addition, the ransomware writes and executes a script that deletes every shadow volume copy that could otherwise be used to restore the locked data.
According to cybersecurity experts, Ryuk ransomware operators mostly devise tailored attacks. They therefore usually map the network and collect user credentials before launching the attack. This preparation, which ordinary ransomware campaigns skip, is what has made Ryuk more effective, or rather more damaging.
By one estimate, Ryuk operators have inflicted losses of $640,000 in ransomware removal and recovery costs within a very short span of time. In one recent attack, Ryuk operators demanded 50 Bitcoins ($320,000!) for ransomware removal.
As mentioned earlier, because the encryption key is not available, digital security experts are still struggling to develop a decrypter for Ryuk. For that reason, stopping the attack in the first place is the only way to protect systems. HCCIC recommends that healthcare facilities block SMB (port 445) at the firewall to protect their internal network of devices, granting access only to authorized IP addresses.
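As an added example that is not part of the HHS alert or this article, the following PowerShell applies that recommendation to a Windows host's own firewall; the list of authorized SMB peers is a constructed placeholder, and the built-in "File and Printer Sharing" rule group is assumed to be the source of the default inbound SMB allow.

```powershell
# Constructed example: replace with the IPs/subnets that actually need SMB access.
$AuthorizedSmbPeers = @('10.10.5.10', '10.10.5.11', '10.10.20.0/24')

# 1. Make sure every profile denies inbound traffic unless a rule allows it.
#    Windows Firewall evaluates Block rules before Allow rules, so the safe
#    pattern is "default deny + one narrowly scoped Allow", not an extra Block.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# 2. Disable the stock inbound allow rules that open TCP 445 to any source.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Direction Inbound |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '445' } |
    Disable-NetFirewallRule

# 3. Allow TCP 445 only from the authorized peers (idempotent: replace if present).
$RuleName = 'SMB 445 inbound - authorized peers only'
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule
New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
    -LocalPort 445 -RemoteAddress $AuthorizedSmbPeers -Action Allow -Profile Any |
    Out-Null

# 4. Verify: list every enabled inbound Allow rule that still covers port 445
#    and show which remote addresses it permits. Anything showing 'Any' here
#    means the host still accepts SMB from the whole network.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '445' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
        }
    } | Format-Table -AutoSize
```

Run from an elevated PowerShell session; on domain-joined machines the same settings are normally pushed through Group Policy rather than set per host.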