Ryuk: The ransomware that earned hackers $3.7m in bitcoin

14 Jan 2019


Ryuk is a ransomware threat spreading like wildfire across the internet, and it operates in an unusual way.

In the past week, a major operation saw cryptocurrency exchange Coinbase suspend trading on Ethereum Classic, following the manipulation of the digital currency’s blockchain.

Meanwhile, an EU legal adviser said that Google is not required to implement the bloc’s ‘right to be forgotten’ outside member states. Expert Maciej Szpunar said that the European Court of Justice should “limit the scope of the de-referencing that search engine operators are required to carry out”.

In other news, side-channel attacks can be pretty disastrous, and a new version of this method, discovered by a group of researchers, targets the machine’s operating system itself rather than the CPU microarchitecture.

Finally, food firm Mondelēz has taken legal action against insurance firm Zurich over the latter’s refusal to pay out on a claim for damages caused by the destructive NotPetya attack. The case could have major implications for cybersecurity insurance in the future.

So, what else is happening in the enterprise world?

Ryuk ransomware quite a moneymaker

Reports from cybersecurity firms CrowdStrike and FireEye say that the recently discovered ‘Ryuk’ ransomware has earned $3.7m in bitcoin since August. According to the reports, the most notable thing about this operation is its selective approach. Ryuk is deployed against large enterprises days, weeks or even a year after an initial infection by a different strain, usually a trojan known as ‘Trickbot’.

The group does not bother deploying Ryuk against companies that are adversely affected by the initial Trickbot attack, as they are deemed not to have the resources to make them a worthy victim. By using this approach, the attackers can single out the companies with better defences, as these generally have the budgets to pay larger ransoms.

Was El Chapo brought down by his IT guy?

Cristian Rodriguez, a Colombian technology expert, apparently helped the FBI bring down notorious drug kingpin El Chapo, aka Joaquín Guzmán. The latter’s trial is currently underway in Brooklyn, New York.

According to FBI testimony reported on by The New York Times, Rodriguez developed an encrypted communications system for El Chapo and eventually ended up sharing details and secret files with US officials. He will not be facing co-conspirator charges.

British security body publishes anti-sabotage guidelines

The British Security Industry Association has published guidelines to reduce the digital sabotage exposure of connected equipment, software and systems used in electronic security.

According to Infosecurity, the document is “intended to be used as a guide by any stakeholder (designers, manufacturers, installers, maintainers, service providers and users) in the supply chain regarding connected security devices/services”.

Vietnam says Facebook violated new cybersecurity law

Last June, Vietnam published a new cybersecurity law giving its administration powers to monitor online activity. At the time, firms such as Facebook and Google said that controls on content that affect free speech and data sharing would harm the country’s economic standing.

According to Sophos, state-controlled media company Vietnam News said Facebook violated the new law by not removing what it claims is anti-government content. Facebook said it has a clear process for governments to report illegal content. “We review all these requests against our terms of service and local law. We are transparent about the content restrictions we make in accordance with local law in our Transparency Report.”

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects
