Hackers are scoring with ransomware that attacks its previous victims

Hackers are targeting computers with ransomware that scours a previously infected network to pinpoint and attack enterprises with deep pockets. Named “Ryuk,” the ransomware has been around since 2017, but only recently, in mid-2018, has there been an uptick in successful attacks, according to research by the security experts at FireEye.

Upward of $3.7 million in Bitcoin has been collected by the hackers behind these attacks, which first infect victims’ PCs with the TrickBot trojan and only later deploy Ryuk. After a phishing email, typically disguised as a payroll message, tricks a victim into opening a malicious attachment, the attacker uses TrickBot to scour the victim’s network and files and determine whether the target is worth hitting with a follow-up Ryuk attack.

The TrickBot infection can lie dormant for a year or longer, and the distinctive element is that during that time the attacker can decide whether to direct a Ryuk attack at the previously infected organization in order to extort a large ransom.

“Interactive deployment of ransomware, such as this, allows an attacker to perform valuable reconnaissance within the victim network and identify critical systems to maximize their disruption to business operations, ultimately increasing the likelihood an organization will pay the demanded ransom,” explains the team at FireEye.

It is not certain which country the attacks originate from, but FireEye does not believe they come from North Korea. A subsequent report from another security firm, CrowdStrike, links the attacks to the Russia-based “Grim Spider” group, based on IP addresses used in the operation. FireEye also expects these attacks to increase in 2019 “due to the success these intrusion operators have had in extorting large sums from victim organizations.”

There have been several high-profile cyberattacks recently, one that targeted newspapers across the United States and another that leveraged social engineering to take over email accounts. To protect against attacks of this kind, avoid opening emails and attachments from suspicious addresses. Consider never opening Microsoft Office files with macros enabled, since attackers often use macro-laden documents sent by phishing email to deliver malware. Keep both Windows 10 and your antivirus up to date so that you’re fully protected.
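The macro advice above is what a mail gateway can enforce automatically. The following is an added example, not code from the article or from FireEye or CrowdStrike: it inspects an Office attachment by content rather than by file extension, blocks OOXML files that carry a VBA project part or declare a macro-enabled content type, and quarantines legacy binary (.doc/.xls) files, which can hold macros but need a dedicated parser to inspect. The file names and byte contents in SAMPLE_ATTACHMENTS are constructed in memory for the demonstration; the function and variable names are this example's own.

```python
import io
import zipfile

# Added example (not from the article): a mail-gateway style check that decides
# whether an Office attachment should be allowed, blocked or quarantined based on
# whether it can carry VBA macros. All sample files below are constructed in memory.

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt compound file header
ZIP_MAGIC = b"PK\x03\x04"                           # OOXML (.docx/.xlsm/...) files are ZIP containers
CONTENT_TYPES = "[Content_Types].xml"


def classify_attachment(filename: str, data: bytes):
    """Return (verdict, reason) for one attachment. Verdicts: allow, block, quarantine."""
    if data.startswith(OLE2_MAGIC):
        # Binary .doc/.xls can embed VBA inside OLE streams; parsing those needs a
        # dedicated library (e.g. oletools), so hold the file for review instead.
        return "quarantine", "legacy OLE2 Office file; may contain VBA macros"
    if not data.startswith(ZIP_MAGIC):
        return "allow", "not an Office container"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if CONTENT_TYPES not in names:
                return "allow", "plain ZIP archive, not an OOXML document"
            # Decide on content, not on the file extension: a .docm renamed to
            # .docx still carries its VBA project part.
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "block", "VBA project part present"
            if "macroEnabled" in zf.read(CONTENT_TYPES).decode("utf-8", "ignore"):
                return "block", "macro-enabled content type declared"
    except zipfile.BadZipFile:
        return "quarantine", "corrupt or truncated ZIP container"
    return "allow", "OOXML document without VBA project"


def build_ooxml(with_vba: bool) -> bytes:
    """Build a minimal constructed OOXML container for testing (not a real Word file)."""
    main_type = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_vba
                 else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>'
        '</Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(CONTENT_TYPES, content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00constructed-vba-blob")
    return buf.getvalue()


# Constructed sample attachments, named the way a payroll-themed phishing lure might name them.
SAMPLE_ATTACHMENTS = [
    ("payroll_update.docx", build_ooxml(with_vba=False)),
    ("payroll_update.docm", build_ooxml(with_vba=True)),
    ("payroll_update.docx", build_ooxml(with_vba=True)),      # macro document renamed to .docx
    ("payroll_2018.doc", OLE2_MAGIC + b"\x00" * 32),           # legacy binary format
    ("invoice.pdf", b"%PDF-1.4\n%constructed"),
    ("broken.docx", ZIP_MAGIC + b"\x00" * 40),                 # truncated container
]


def scan_attachments(attachments):
    """Return {"index:filename": verdict} for a list of (filename, bytes) pairs."""
    return {f"{i}:{name}": classify_attachment(name, data)[0]
            for i, (name, data) in enumerate(attachments)}


if __name__ == "__main__":
    for key, verdict in scan_attachments(SAMPLE_ATTACHMENTS).items():
        print(f"{verdict:10s} {key}")
```

The quarantine verdict for legacy OLE2 files is deliberate: the header alone says nothing about whether a VBA storage is present, and a gateway that guesses "allow" there is exactly the gap a macro-based lure exploits. A real deployment would hand quarantined files to an OLE parser such as oletools rather than leave them unexamined.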

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…