Ryuk Ransomware Disrupts Major U.S. Newspaper Production

The New Year is here, and the ransomware scourge shows no signs of abating.

Over the past weekend, a major newspaper publisher experienced a server outage that interrupted the production and distribution of U.S. newspapers including The New York Times, The Wall Street Journal, Los Angeles Times, and Chicago Tribune.

It’s suspected the source of the server outage and disruption is ransomware. Several sources have indicated corrupted files with the .ryk extension were found. This is the calling card for the Ryuk ransomware strain.

What is ransomware?

Ransomware is a digital menace carried out by cybercriminals. Ransomware seeks to hold a computer’s data for ransom by encrypting it, rendering it unusable.

The cybercriminals will then request a payment, typically in cryptocurrency, for the decryption of the files.

Paying the ransom is a risky proposition, as there are many reports where the cybercriminals don’t uphold their part of the bargain. You’d also be encouraging the cycle of ransomware to continue.

Unfortunately for some businesses, paying the ransom may be necessary, especially for those with no proper data backups and with encrypted data that’s mission critical.

Malicious emails continue to be a major security concern

Malicious emails or spam (malspam) is one of the main sources of ransomware infection. These types of emails can contain links to malicious sites or have attachments (such as Microsoft Word documents) that will infect upon opening them.

Though scams in the past may have been relatively easy to spot, modern attacks can be hard to detect. Cybercriminals are using social engineering to tailor the attacks to their victims. Emails can contain industry-specific lingo that jive with a target’s line of businesses, or may appear to come from a service or individual they currently interact with. The emails can include branding and graphics that make the scam even more difficult to discern as bogus.

Ryuk, ransomware tailor-made for targeted attacks

Ryuk appears to be a ransomware strain that’s engineered for extremely tailored, small-scale attacks. The encryption scheme seems to seek out the integral resources of a system. Some of the operation also appears to be carried out manually. Thus, the attackers behind the Ryuk attacks are probably highly experienced and not the type of neophyte cybercriminals who rely on crimeware, or exploit kits that are offered for sale by their programmers.

How to stay safe in the ransomware age

A layered approach to security is one of the best ways to stay protected against cyber threats like ransomware.

Businesses must invest in appropriate network security, including antivirus software and firewall hardware, for a proper foundation of security. Specialized security, such as protection at the DNS layer, is very welcome.

Business owners and IT personnel should educate employees on the current ransomware trends and tactics.

“Think before you click” is an appropriate mantra to keep in mind when surfing online or going through your daily emails.

If something looks suspicious, it probably is bad. If you need to verify a communication’s authenticity, contact the sender directly via their website, a separate email, or even phone.

Data backup: the ultimate insurance policy

A secure backup is the ultimate last line of defense. When your security layers fail, a good backup and timely restore can mean the difference between getting back to business and possibly going out of business.

Need weapons-grade data backup to keep your business protected from ransomware and other threats?

Thrive’s DRaaS is a mature backup, business continuity, and disaster recovery service fully managed by us. Data is securely backed up, and offsite replication in our data centers helps ensure that data stays alive.

With backups as often as every 15 minutes, and up to a years’ worth of backups, you can have the confidence of being able to restore mission-critical data in the event of total disaster.

Contact us today for a consultation.