Hidden Dangers of Ryuk Ransomware - 1. Introduction to Ryuk Ransomware

I. Introduction to Ryuk Ransomware

Here is what the Ryuk ransomware ransom note looks like:

[Image: Ryuk ransom note]

In 2018, there were at least 53 documented ransomware attacks against local government computer networks. These include attacks against school districts and colleges. In March 2018, Atlanta, Georgia suffered a major ransomware attack. Several cities in Florida also suffered ransomware attacks, paying more than one million dollars to get their computers back. On July 24, 2018, a ransomware attack in Anchorage, Alaska resulted in 120 servers and 500 workstations being infected. This included both Windows 7 and Windows 10 computers. Their email system was completely wiped out. The initial infection occurred on May 3, 2018, meaning that the ransomware was dormant for over two months.

In the first quarter of 2019, the frequency of these attacks increased to nearly double the rate in 2018. In March, Jackson County, Georgia and Albany, NY were victims of ransomware attacks. In April, Augusta, Maine and the Cleveland International Airport suffered ransomware attacks. In May, Baltimore suffered a massive ransomware attack. 10,000 government computers were frozen and unusable.

According to a 2018 report, 20% of all K-12 public schools and 30% of all higher education institutions suffered a data breach loss or ransomware attack in the previous school year. Higher education institutions were the victims of 539 attacks that compromised 13 million student records.
https://media.erepublic.com/document/CDE18_Special_Report_K-20_Cyber_V.pdf

A May 2019 study found that more than 450,000 public-facing servers in the US run by schools, colleges and local governments are at risk of a ransomware attack.

Sadly, if your organization has been hit by Ryuk Ransomware, it is likely that your troubles are just getting started. This is because Ryuk is not being distributed as an isolated ransomware. Instead, Ryuk is the visible face of a very ugly mega threat that also includes three very persistent programs called Emotet, Trickbot and Xbot. More recently, hackers evolved a new version of ransomware called Mega Cortex that includes not only Ryuk but also a sudden death Kill Switch. Mega Cortex charges victims millions of dollars to get their computers back and has the ability to permanently kill all computers on the network in less than one second if the victim fails to pay.

May 2019: Hackers unleash Mega Cortex – Ryuk Ransomware with a Kill Switch

These ransomware weapons evolved from several of the most harmful cyber weapons ever created by the NSA – including a hacking tool called Eternal Blue – that escaped into the wild in 2015.

This is the dirty secret our government and the mainstream media do not want you to know about. Ryuk, Trickbot, Emotet, Xbot and Mega Cortex are not the creations of Russian hackers, Iranian hackers, North Korean hackers or Chinese hackers. Instead, they are the latest evolution of cyber weapons that were paid for with your hard-earned taxpayer dollars. They can be traced back to NSA cyber weapons created as far back as 2007. If your computers have been hacked by Ryuk ransomware, things are about to get much worse.