Ryuk ransomware comes to the biotech company


Photo caption (AFP): Investigators still do not know the full extent of the cyberattack that has affected U.S. government agencies and other victims around the world.

Ryuk ransomware established a foothold in a biotechnology research institute through the actions of a student who was unwilling to pay for software required as part of a program of study.

The latest cybersecurity incident was discovered by security investigators. Their research revealed how a single student unknowingly became the conduit for a ransomware infection that cost a biomolecular institute a week of vital research. The event took place at an undisclosed European biomolecular research institute.

After the student downloaded and ran “cracked” software, the institute recorded a Remote Desktop Protocol (RDP) connection using the student’s credentials. Ten days after that connection was made, Ryuk was deployed to the network.

The net effect was to cost the institute a week of research data, because the backups were not fully up to date. In addition, the system and server files had to be “rebuilt from the beginning,” according to the researchers, before the institute could resume normal work.

The Ryuk ransomware was created by the hacker group Wizard Spider and has targeted government, academic, healthcare, manufacturing and technology organizations. In 2019, Ryuk had the highest ransom demand at $12.5 million and probably earned a total of $150 million by the end of 2020. As of 2021, threat actors continue to use the malware.

Gary Ogasawara, CTO of Cloudian, tells Digital Journal that there are lessons in this case for all public-sector companies and organizations.

Ogasawara considers the seriousness of the incident: “As evidenced by this student’s situation, RDP sessions exposed on the Internet are commonly used to infect end-user devices. These sessions are intended to log in remotely on Windows computers and allow the user to securely control the device.”

We cannot rely on traditional forms of defense, says Ogasawara: “Unfortunately, hackers have become adept at brute force attacks against these exposed computers that allow them to take advantage of RDP vulnerabilities and insert ransomware.”
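The article notes that the institute had logged the RDP connection made with the student's credentials, and Ogasawara points to brute-force attacks against Internet-exposed RDP as the common entry route. The following added example (written for this page, not code from the institute, the researchers or Cloudian) shows the kind of detection a defender would run over Windows Security log events to surface both signals: a successful RDP logon (event 4624, logon type 10) from a non-RFC1918 address, and a run of failed RDP logons (event 4625) from one source followed by a success. The log lines are constructed in a simplified key=value rendering of the real event fields; the addresses, usernames and timestamps are invented, and the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges stand in for arbitrary Internet addresses.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines (not from the incident described in the article).
# Fields mimic Windows Security events: 4624 = successful logon, 4625 = failed
# logon, LogonType 10 = RemoteInteractive, i.e. an RDP session.
SAMPLE_EVENTS = [
    "2021-03-01T01:10:02Z EventID=4625 LogonType=10 User=student42 Src=203.0.113.45",
    "2021-03-01T01:10:05Z EventID=4625 LogonType=10 User=student42 Src=203.0.113.45",
    "2021-03-01T01:10:09Z EventID=4625 LogonType=10 User=student42 Src=203.0.113.45",
    "2021-03-01T01:10:12Z EventID=4625 LogonType=10 User=student42 Src=203.0.113.45",
    "2021-03-01T01:10:16Z EventID=4625 LogonType=10 User=student42 Src=203.0.113.45",
    "2021-03-01T01:10:20Z EventID=4624 LogonType=10 User=student42 Src=203.0.113.45",
    "2021-03-01T08:00:00Z EventID=4624 LogonType=10 User=labadmin Src=10.20.0.14",
    "2021-03-01T08:05:31Z EventID=4625 LogonType=10 User=guest Src=198.51.100.7",
    "2021-03-01T09:00:00Z EventID=4624 LogonType=3 User=svc-backup Src=198.51.100.7",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"User=(?P<user>\S+) Src=(?P<src>\S+)$"
)

# Only RFC 1918 space counts as internal; everything else is treated as the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RDP_LOGON_TYPE = 10


def parse_event(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": m["ts"], "eid": int(m["eid"]), "lt": int(m["lt"]),
            "user": m["user"], "src": m["src"]}


def is_internal(src):
    """True if the source address lies in RFC 1918 private space."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def external_rdp_logons(events):
    """Successful RDP logons whose source is not an internal address."""
    return [e for e in events
            if e["eid"] == 4624 and e["lt"] == RDP_LOGON_TYPE and not is_internal(e["src"])]


def brute_force_then_success(events, threshold=5):
    """Sources with at least `threshold` failed RDP logons later followed by a success.

    Events are assumed to be in chronological order, as they are in the sample.
    """
    failures = defaultdict(int)
    hits = []
    for e in events:
        if e["lt"] != RDP_LOGON_TYPE:
            continue
        if e["eid"] == 4625:
            failures[e["src"]] += 1
        elif e["eid"] == 4624 and failures[e["src"]] >= threshold:
            hits.append({"src": e["src"], "user": e["user"],
                         "failures_before": failures[e["src"]], "ts": e["ts"]})
    return hits


def detect(lines, threshold=5):
    """Run both detections over raw log lines and return the findings."""
    events = [e for e in (parse_event(line) for line in lines) if e]
    return {
        "external_rdp_logons": external_rdp_logons(events),
        "brute_force_then_success": brute_force_then_success(events, threshold),
    }


if __name__ == "__main__":
    findings = detect(SAMPLE_EVENTS)
    for kind, items in findings.items():
        print(f"{kind}: {len(items)}")
        for item in items:
            print("  ", item)
```

On the sample data the internal `labadmin` session and the single failure from 198.51.100.7 produce no findings, while the `student42` session is flagged by both rules: it is an RDP logon from outside the private ranges, and it follows five failures from the same source. In a real deployment the same logic would be fed from the Security log (or the TerminalServices-RemoteConnectionManager log) and the threshold tuned to the environment; the point is that both the initial foothold and the brute-force pattern Ogasawara describes leave log evidence that can be alerted on well before the ten-day gap the article mentions closes.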

When these incidents occur, Ogasawara advises, “In the event that ransomware has been deployed on a network, storage-level protection is crucial to ensure that data is secure and available.”

He adds: “More specifically, by maintaining an immutable backup of data, organizations can prevent cybercriminals from encrypting or deleting files. That way, they have an unencrypted copy to restore if an attack occurs, which will allow them to access their data without having to pay a ransom.”
