Another week, another “dangerous new ransomware.” Ready for the next evolution? A new version of Ryuk ransomware is capable of worm-like actions. It can spread itself around infected networks.
Here’s the killer – it’s one of the most successful families of ransomware, and gets regular updates to maintain effectiveness.
How does it move around? It uses Wake-on-LAN to do so.
Why do we care?
There’s the very short term need to know about this new variant. Regrettably, it’s not like you can turn off Wake-on-LAN, because of the need to use that feature.
Two bits. First, think about Ryuk as actual software. It has a team that is constantly updating and enhancing it. Again this reinforces that notion of the adversary as significant.
Second, do think about this from a zero-trust perspective. If you’re not trusting any device, you at least lower the chances of these kinds of attacks working. Do I think that’s a pancea? Of course not. But assuming everything inside the network can be trusted is really a dead concept.
Some resources to help – the National Cyber Security Center has released a Cyber Action Plan, which is a free online service designed to help small businesses protect against cyberattacks. It’s a questionnaire you can leverage with clients right away.