

The Ryuk ransomware (update)


Wednesday, 24 February 2021

Ryuk ransomware: latest developments and security measures

The following technical indicators are new network indicators associated with the Ryuk ransomware (see the publication CERTFR-2020-CTI-011). They can be used to hunt for compromise in historical logs or for detection.
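One way to run such network indicators over historical DNS and proxy logs, as an added example that is not part of the CERT-FR publication or this page: the indicator values and the log lines below are constructed placeholders (the real Ryuk markers are in CERTFR-2020-CTI-011 and are not reproduced here), and the key=value log format is an assumption.

```python
import ipaddress
import re

# Placeholder indicators, constructed for this example; replace with the
# published network markers. Domains match as suffixes, IPs match exactly.
IOC_DOMAINS = {"ioc-example.invalid", "c2-placeholder.test"}
IOC_IPS = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("198.51.100.7")}

# Constructed sample log lines: a DNS resolver log and a web proxy log.
SAMPLE_LOGS = [
    "2020-10-28T09:12:01Z dns client=10.0.5.23 query=login.corp.example type=A",
    "2020-10-28T09:15:44Z dns client=10.0.5.23 query=update.ioc-example.invalid type=A",
    "2020-10-28T09:16:02Z proxy src=10.0.5.23 dst=198.51.100.7:443 host=198.51.100.7 method=CONNECT",
    "2020-10-28T10:02:13Z proxy src=10.0.7.9 dst=203.0.113.5:443 host=cdn.example method=GET",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def domain_matches(name, iocs):
    """True if name equals an indicator or is a subdomain of one (DNS-style suffix match)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in iocs)


def ip_matches(value, iocs):
    """True if value (an IPv4 address, optionally host:port) is an indicator IP."""
    host = value.rsplit(":", 1)[0] if value.count(":") == 1 else value
    try:
        return ipaddress.ip_address(host) in iocs
    except ValueError:  # not an IP literal (e.g. a hostname)
        return False


def hunt(lines, ioc_domains=IOC_DOMAINS, ioc_ips=IOC_IPS):
    """Return (timestamp, internal source, matched value) for each line touching an indicator."""
    hits = []
    for line in lines:
        fields = dict(KV_RE.findall(line))
        ts = line.split(" ", 1)[0]
        src = fields.get("client") or fields.get("src")
        for key in ("query", "host", "dst"):
            value = fields.get(key)
            if value and (domain_matches(value, ioc_domains) or ip_matches(value, ioc_ips)):
                hits.append((ts, src, value))
                break  # one hit per line is enough for triage
    return hits
```

Each hit names the internal source host, which is the system to isolate and whose user accounts to review (measure 5 below).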

Source:


30/10/20: The Ryuk ransomware / #ransomware


Ryuk

Ryuk ransomware, which spread in August 2018, disabled the Windows System Restore option, making it impossible to restore encrypted files without a backup.

Ryuk also encrypted network drives.

The effects were crippling, and many organizations targeted in the US paid the demanded ransoms. August 2018 reports estimated funds raised from the attack were over $640,000.


CERT Kaspersky – Ryuk

We recommend taking the following measures:

  1. Install antivirus software with centralized security policy management on all systems; keep the antivirus databases and program modules of your security solutions up to date. Allow antimalware protection to be disabled only after entering the administrator password (if this policy is not active, attackers can disable antivirus solutions after they have gained remote control of the system).
  2. Regularly back up data; store the backup copies securely, verify their integrity and ensure that they are up to date so that the data can easily be recovered in an emergency.
  3. Install security updates for the operating system and application software in a timely manner.
  4. Restrict the use of RDP and third-party remote administration utilities to the extent possible. Use only strong passwords for user accounts with the right to manage the organization’s systems remotely via RDP. Avoid storing passwords in plaintext and change them regularly.
  5. If there are signs of an attack (for example, if the TrickBot malware is detected), isolate the systems under attack from the enterprise network and force a password change for all user accounts that may have been compromised.
  6. Train enterprise employees to use email securely and, specifically, to recognize phishing emails.

Source:

