Ryuk Ransomware Claims Another Victim

The Ryuk ransomware hit a county newspaper in the US, affecting the agency's email server, Internet-based phones and publishing system. The news agency managed to regain some production capabilities after restoring from backups, but the ransomware was able to re-infect the data infrastructure five days later. The initial infection vector was not revealed, but Ryuk operators typically attack poorly secured Remote Desktop Protocol (RDP) access and leverage living-off-the-land binaries to move within the compromised network and to download and execute payloads. Ryuk operators have been active since at least December 2017 and have netted over US$3.7 million in ransom payments.

[1] Watertown Daily Times Again Gets Hit with Ryuk Ransomware Attack

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883