Press "Enter" to skip to content

A new ransomware variant to know about

Another week, another “dangerous new ransomware.”  Ready for the next evolution?      A new version of Ryuk ransomware is capable of worm-like actions.  It can spread itself around infected networks.

Here’s the killer – it’s one of the most successful families of ransomware, and gets regular updates to maintain effectiveness. 

How does it move around?  It uses Wake-on-LAN to do so.

Why do we care?

There’s the very short term need to know about this new variant.  Regrettably, it’s not like you can turn off Wake-on-LAN, because of the need to use that feature.  

Two bits.  First, think about Ryuk as actual software.    It has a team that is constantly updating and enhancing it.   Again this reinforces that notion of the adversary as significant.

Second, do think about this from a zero-trust perspective.  If you’re not trusting any device, you at least lower the chances of these kinds of attacks working.  Do I think that’s a pancea?  Of course not.    But assuming everything inside the network can be trusted is really a dead concept. 

Some resources to help – the National Cyber Security Center has released a Cyber Action Plan, which is a free online service designed to help small businesses protect against cyberattacks.    It’s a questionnaire you can leverage with clients right away.  

Source: ZDNet, ZDNet