Emsisoft, a security firm, found a bug in the decryptor for Ryuk, one of the most prolific ransomware variants. The result was some data loss and/or corruption of certain files when victims tried to decrypt their files and restore access.
The people behind Ryuk have worked on the malware for the past several years, making the attack more sophisticated. The healthcare industry has been one of its primary targets over the past year. The Department of Health and Human Services even issued an alert in 2018 that compared the technique of this attack to the successful SamSam cyberattacks. The attack can be carried out through various channels, but the most recent and widely used approach is for the threat actors to scan for Remote Desktop Service ports or other security weaknesses, such as stolen credentials, to gain access to the network. From there, they scan the target servers to gain access to sensitive user data and extort money from the victim.
The Ryuk hackers recently attacked Alabama’s DCH Health System with a virus that forced three hospitals to close their doors to new patients. Officials later decided to pay the ransom to the hackers to restore access. A variant of the ransomware even affected the IT vendor Virtual Care Provider, locking more than 110 nursing homes and acute care sites out of the EHR.
According to Emsisoft researchers, Ryuk has plagued both the public and private sectors over the past several years, generating hundreds of millions in ransom revenue for the criminals behind it. The malware is deployed using an existing malware infection within the target's network, with the encryption being carried out using a combination of RSA and AES.