[ALERT] ADVISORY ON RYUK RANSOMWARE

Submitted by admin on Tue, 03/26/2019 - 10:37
Background

Ryuk ransomware is typically used in targeted attacks against large or high-value organizations rather than in mass campaigns. It shares much of its code with the Hermes ransomware, a family previously used by the North Korean Lazarus Group; note that code reuse alone does not establish who operates Ryuk. In most observed incidents the victim was first infected with Emotet and/or TrickBot, and Ryuk was deployed later, once the attackers had a foothold and administrative credentials; administrative privileges are required for Ryuk to run. On infection a ransom note named "RyukReadMe.txt" is dropped. Before encrypting, Ryuk also attempts to disable security software and to delete backups and Volume Shadow Copies so that files cannot be restored locally. A ransom of between 15 BTC and 50 BTC is demanded for the decryption key. Paying the ransom is strongly discouraged: it does not guarantee recovery.

Affected System

All versions of Windows

Symptoms
  • Files encrypted and renamed with a .RYK extension appended
  • Personal and business files inaccessible
  • Ransom note (RyukReadMe.txt) created on the desktop
  • Slow network connection
  • Degraded PC performance
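The backup-destruction and ransom-note behaviour described under Background, and the symptoms listed above, can be checked for directly. The following Python script is an added example written for this advisory, not code from the advisory's author or from any Ryuk sample: it runs simple detection rules over constructed process-creation records and a constructed file listing. The record format, hostnames, accounts and paths are made up; the destructive commands (vssadmin, wbadmin, bcdedit, wmic) and the .RYK extension come from public reporting on Ryuk rather than from this page, so treat them as assumptions to tune against your own telemetry (for example Windows Security event 4688 or Sysmon event 1).

```python
"""Triage helper for Ryuk-style activity on Windows hosts.

Added example, not part of the original advisory. It checks two things the
advisory describes: the backup / shadow-copy destruction that precedes
encryption, and the ransom-note / encrypted-file artifacts left behind.
The log format and all sample data below are constructed for illustration.
"""
import re
from typing import Dict, List

# Command patterns used by ransomware to destroy recovery data.
# Assumption: these are the commands worth alerting on; tune for your estate.
BACKUP_DESTRUCTION_RULES = {
    "shadow_copy_delete": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    "shadow_copy_wmic": re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "backup_catalog_delete": re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    "recovery_disabled": re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I),
    "ignore_boot_failures": re.compile(
        r"bcdedit(\.exe)?.*bootstatuspolicy\s+ignoreallfailures", re.I),
}

# Ransom note name from the advisory; .RYK is the extension Ryuk appends
# (assumption from public reporting, not from the advisory itself).
RANSOM_NOTE_NAMES = {"ryukreadme.txt", "ryukreadme.html"}
ENCRYPTED_EXTENSION = ".ryk"


def parse_process_line(line: str) -> Dict[str, str]:
    """Parse one constructed process-creation record.

    Format (made up for this example, not a native Windows format):
        <timestamp>|<host>|<user>|<parent image>|<command line>
    """
    parts = line.rstrip("\n").split("|", 4)
    if len(parts) != 5:
        raise ValueError(f"malformed record: {line!r}")
    ts, host, user, parent, cmd = parts
    return {"ts": ts, "host": host, "user": user, "parent": parent, "cmd": cmd}


def scan_process_log(lines: List[str]) -> List[Dict[str, str]]:
    """Return one alert per record whose command line matches a destruction rule."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_process_line(line)
        for rule, pattern in BACKUP_DESTRUCTION_RULES.items():
            if pattern.search(rec["cmd"]):
                alerts.append({**rec, "rule": rule})
                break  # one alert per record is enough for triage
    return alerts


def find_ransom_artifacts(paths: List[str]) -> Dict[str, List[str]]:
    """Classify file paths into ransom notes and Ryuk-encrypted files."""
    notes, encrypted = [], []
    for p in paths:
        name = p.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if name in RANSOM_NOTE_NAMES:
            notes.append(p)
        elif name.endswith(ENCRYPTED_EXTENSION):
            encrypted.append(p)
    return {"ransom_notes": notes, "encrypted_files": encrypted}


# Constructed sample data: a benign scheduled backup, then the destructive
# sequence a ransomware batch file typically runs under an admin account.
SAMPLE_PROCESS_LOG = [
    "2019-03-25T02:11:04|FS01|CORP\\backupsvc|C:\\Windows\\System32\\svchost.exe|wbadmin start backup -backupTarget:E: -include:C: -quiet",
    "2019-03-25T03:40:12|FS01|CORP\\admin|C:\\Windows\\System32\\cmd.exe|vssadmin.exe Delete Shadows /All /Quiet",
    "2019-03-25T03:40:13|FS01|CORP\\admin|C:\\Windows\\System32\\cmd.exe|wbadmin DELETE CATALOG -quiet",
    "2019-03-25T03:40:14|FS01|CORP\\admin|C:\\Windows\\System32\\cmd.exe|bcdedit /set {default} recoveryenabled No",
    "2019-03-25T03:40:15|FS01|CORP\\admin|C:\\Windows\\System32\\cmd.exe|bcdedit /set {default} bootstatuspolicy ignoreallfailures",
    "2019-03-25T03:41:00|FS01|CORP\\admin|C:\\Windows\\explorer.exe|notepad.exe C:\\Users\\admin\\Desktop\\notes.txt",
]

SAMPLE_PATHS = [
    "C:\\Users\\admin\\Desktop\\RyukReadMe.txt",
    "D:\\Shares\\Finance\\Q1-report.xlsx.RYK",
    "D:\\Shares\\Finance\\budget.docx",
    "D:\\Shares\\Finance\\RyukReadMe.html",
]

if __name__ == "__main__":
    for a in scan_process_log(SAMPLE_PROCESS_LOG):
        print(f"[{a['rule']}] {a['ts']} {a['host']} {a['user']}: {a['cmd']}")
    print(find_ransom_artifacts(SAMPLE_PATHS))
```

On the sample data the benign `wbadmin start backup` job produces no alert, while the four destructive commands each fire one rule; the file listing yields two ransom notes and one encrypted file. In practice, a single shadow-copy deletion by an administrator can be legitimate, so correlate these hits with the user, the parent process and the time of day before escalating.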
Recommendations

•    Keep backups offline or in an isolated network segment, and test restoring from them, so that a compromised system can be rebuilt without paying.
•    Patch and update operating systems and software promptly; unpatched systems give attackers an easy foothold.
•    Use reputable anti-malware software and run a full system scan in Safe Mode with Networking.
•    Do not pay the ransom.
•    Practise good cyber hygiene: do not open unexpected email attachments or enable macros in documents, and limit administrative privileges to the accounts that need them.