A new ransomware campaign targeting large organisations in the US and around the world has made the attackers behind it over $640,000 in bitcoin in the space of just two weeks, and appears to be connected to Lazarus, the hacking group working out of North Korea.

"From the exploitation phase through to the encryption process and up to the ransom demand itself, the carefully operated Ryuk campaign is targeting enterprises that are capable of paying a lot of money in order to get back on track," said security company Check Point.

Ryuk ransomware first emerged in mid-August and, in the space of just days, infected several organisations across the US, encrypting PCs and storage and data centres of victims and demanding huge Bitcoin ransoms -- one organisation is believed to have paid 50 Bitcoin (around $320,000) after falling victim to the attack.

The new ransomware campaign has been detailed by the researchers at Check Point, who describe the attacks as highly targeted, to such an extent that the perpetrators are conducting tailored campaigns involving extensive network mapping, network compromise and credential stealing in order to reach the end goal of installing Ryuk and encrypting systems.

It sounds similar to the techniques used by those behind SamSam ransomware, which has made its authors over $6 million, although there's not thought to be a link between these two particular malicious operations.

Researchers have yet to determine how exactly the malicious payload is delivered, but users infected with Ryuk are met with one of two ransom notes.

One is written almost politely, claiming that the perpetrators have found a "significant hole in the security systems of your company" which has led to all files being encrypted and that a Bitcoin ransom needs to be paid to retrieve the files.

"Remember, we are not scammers," the message concludes -- before stating how all files will be destroyed if a payment isn't received within two weeks.