Ransomware is undoubtedly one of the most important threats on the Internet. There are many varieties that our equipment can compromise. As we know, the goal is to encrypt files and systems and in return ask for a financial ransom. In this article we are going to talk about Ryuk , who is one of the most popular, and how he improves his techniques to attack victims.
New Ryuk Ransomware Techniques
Hackers often adapt and improve attacks to achieve their goal. It is true that we can currently have a wide variety of defensive tools, such as antivirus, browser extensions, firewalls … But attackers also improve the way they infect systems.
In this case, new techniques from the Ryuk ransomware makers are targeting remote desktop connections to a greater extent. It is a reality that in recent months everything remote has gained greater importance. There are many users who carry out their functions from their homes, many companies that offer their products through the Internet and, ultimately, a greater use of the remote desktop.
Now, how do they manage to infect with Ryuk? This point is very important, since it will basically allow us to be alert and protect ourselves from this threat. In this case, in recent times the strategy most followed by cybercriminals to sneak this variety of ransomware is email . They send a Phishing email in which they attach a malicious file containing the malware.
According to Advanced Intelligence security researchers, in recent months Ryuk attacks have targeted exposed RDP connections that can be a way to access an entire network.
On many occasions they have also relied on b-route force attacks to be able to access these remote desktops and sneak the ransomware. But also campaigns through calls, Spear Phishing and other similar varieties.
But among the most prominent novel techniques, hackers warn of the use of a tool called KeeThief . It is open source and the goal is to extract passwords and credentials from the KeePass key manager.
They are also based on certain vulnerabilities that are present in systems and applications. Some are even part of the Windows operating system itself, so it is always important to keep it up to date.
How to protect ourselves from Ryuk ransomware
At this point, it’s time to give some tips to avoid being victims of Ryuk ransomware and any other variety that could put our security and privacy at risk. We are going to give some basic recommendations.
Without a doubt the most important thing is common sense . We have seen that in many cases the technique used consists of carrying out a Phishing attack. We must avoid accessing links that may be dangerous or downloading attachments by e-mail that we cannot trust.
It will also be essential to have the systems updated . In the case of Ryuk ransomware, it is based on many vulnerabilities that are present in the remote desktop, Windows and other applications that we use. We must always have the patches and updates available.
One more tip is to have security programs . This will allow us to prevent the entry of malicious software. A good antivirus can help us do this.