Ransomware removal experts have identified a new threat: the Ryuk Ransomware. The cybercriminal team behind Ryuk has so far extorted $640,000 from its victims. The ransomware was first found in mid-August. Because it is so new, analysis and investigation are still under way to establish its modus operandi and any link to other cyber threats.
The general view among ransomware removal experts is that the cybercriminals behind carefully planned ransomware campaigns set their sights on a single target. The targeted company then faces malicious phishing campaigns. Other infection strategies include exploiting weakly secured Remote Desktop Protocol (RDP) services in the victims' systems.
Ransomware removal expert Mark Lechtik agreed with this analysis and gave his opinion on the ransomware. He explained that the ransomware requires administrator privileges to take complete control of the affected systems. The ransomware itself is not capable of doing this, so it needs a separate tool to help with the privilege exploitation. However, Mr. Lechtik has not been able to pinpoint the tool that has helped the team behind the Ryuk Ransomware succeed in their plans.
It is also reported that the ransomware terminates various services and processes on infected systems. A ransomware removal expert from Check Point said that the ransomware shuts down about 180 services and 40 processes.
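The mass shutdown of services described above is something defenders can watch for. The following is an added example, not code from Check Point or from the original article: it flags any host where many distinct services stop within a short window. The flattened log line format (modelled on Service Control Manager Event ID 7036), the host and service names, and the 60-second window and threshold of 20 are all assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed flattened format: "<ISO time> <host> 7036 The <name> service entered the <state> state."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) 7036 The (?P<svc>.+) service entered the (?P<state>\w+) state\.$"
)

def parse(lines):
    """Yield (timestamp, host, service) for each 'stopped' event; skip everything else."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m["state"] == "stopped":
            yield datetime.fromisoformat(m["ts"]), m["host"], m["svc"]

def mass_stop_alerts(lines, window=timedelta(seconds=60), threshold=20):
    """Return {host: peak count of distinct services stopped in one window} for hosts >= threshold."""
    per_host = defaultdict(list)
    for ts, host, svc in parse(lines):
        per_host[host].append((ts, svc))
    alerts = {}
    for host, events in per_host.items():
        events.sort()
        start, best = 0, 0
        for end in range(len(events)):
            # Slide the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({svc for _, svc in events[start:end + 1]}))
        if best >= threshold:
            alerts[host] = best
    return alerts

def build_sample():
    """Constructed log: HOST-A stops 30 services in 30 s; HOST-B shows routine activity."""
    base = datetime(2024, 1, 1, 3, 0, 0)
    tmpl = "{} {} 7036 The {} service entered the {} state."
    lines = [tmpl.format((base + timedelta(seconds=i)).isoformat(), "HOST-A", f"Svc{i:02d}", "stopped")
             for i in range(30)]
    lines.append(tmpl.format(base.isoformat(), "HOST-B", "Print Spooler", "stopped"))
    lines.append(tmpl.format(base.isoformat(), "HOST-B", "Print Spooler", "running"))
    lines.append(tmpl.format((base + timedelta(hours=1)).isoformat(), "HOST-B", "Windows Update", "stopped"))
    lines.append("malformed line that the parser ignores")
    return lines

if __name__ == "__main__":
    print(mass_stop_alerts(build_sample()))
```

Patching and planned maintenance also stop services in bulk, so an alert from this check is best correlated with change windows before escalation.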
Unfortunately, ransomware removal experts have not been able to devise a tool to decrypt files affected by the ransomware. The ransomware uses the cryptographic algorithms RSA (Rivest, Shamir and Adleman) and AES (Advanced Encryption Standard) and combines them into a formidable scheme that cannot be decrypted. Security experts are continuously trying to find a flaw in the code and design of the ransomware in order to create decryption software.