RYUK – Hmmmm, another ransomware, one that targets organizations with a low tolerance for risk, mostly governments, schools and emergency services. Its source code is reported to be derived from a product called Hermes, a product of North Korea's Lazarus. RYUK is not meant to attack systems that run in the Russian, Ukrainian or Belarusian language, because its source code comes from a Russian-speaking seller. But it's not clear how the hell the Russians got the code from the North Koreans.
This ransomware made its debut on the Internet worldwide in August 2018, and later in July 2019.
RECENT RYUK ATTACK:
After the instance from August 2018, this time the target was the city of New Bedford, in the state of Massachusetts in the United States of America. The attackers had to flee empty-handed, since the city government said it could manage to recover from the attack, piecing things together from the backups it has, according to Mayor Jon Mitchell.
How and where did it begin?
New Bedford is the sixth largest city in Massachusetts, with a total population of around a lakh. The city's systems were first infected by some unspecified virus, which is what dropped the infamous RYUK ransomware onto the systems, and the attackers demanded a hefty $5.3 million within a certain period of time.
On July 5th, MIS (Management Information Services) staff identified and disrupted a computer attack in the early morning, before people hurried to work. The city's MIS department said it successfully recovered the affected software applications and replaced the workstations that were subjected to the RYUK attack. Fortunately, it did not affect the sectors that deliver services to the residents of New Bedford.
With due luck, skill and the architecture of the network, only 4% of the systems were compromised, i.e. 158 computers out of a total of 3532, which are mostly used by the fire department for administrative purposes. Municipal services systems were left unaffected because of the compartmentalized network structure, because most of the computers were switched off for the holiday when it was starting to spread, and because of the quick effort to switch off and disconnect services and servers, according to Mayor Jon Mitchell and MIS staff.
DEMAND OF RANSOM?
The attackers demanded a hefty $5.3 million in Bitcoin for decryption and recovery of the data, which would have been the highest ransom ever paid if it had been paid.
But the Mayor negotiated with the attackers, offering $400000. The attackers refused to go with it, and they returned home empty-handed, sadly :) MIS staff took care of the affected systems and services to get them back to their normal working state. “The recovery cost will come under the city's cyber insurance policy, but what it will cost them is MIS staffing,” said Mitchell.
The Mayor stated that it doesn't always go well: rejecting $50000 would end up in $18 million to recover. He declined to give more details regarding the attack, in keeping with the advice of cyber security experts.
The Mayor said that paying the ransom will not solve the problem; it only encourages the guys who did it. The city is working on the recovery, and meanwhile all the essential services are running seamlessly.
So always have a backup plan for your data, and for your life too, just in case.
Don't pay the ransom. It doesn't solve the problem; it only encourages the attackers.
Paying ransoms will make the attackers hungry for bigger prey.