Ransomware attacks have become more sophisticated and are adopting more invasive methods that make detection harder.

During the COVID-19 pandemic, phishing email activity has grown several-fold. Threat actors are taking full advantage of the crisis, using COVID-19-themed phishing emails to trick users into spreading malware.

One of the threats now posing a risk to enterprises is the Ryuk ransomware. It attacks large enterprises, including healthcare organizations, and has even begun employing data leak sites. This multiplies the risk of data exposure, since, unlike traditional ransomware that simply demands a ransom fee in exchange for the decryption key, the stolen data itself is now at stake.

As a result, more and more enterprises have recently fallen victim to Ryuk ransomware, and the risk is still growing.

Ryuk Ransomware Deployment Tactics

Ryuk ransomware has been active since 2018 and has mostly targeted large companies and organizations. The threat is operated by a Russia-based threat actor group, Wizard Spider.

Recently, Ryuk has been observed being deployed via BazarLoader, a dangerous backdoor Trojan. Once dropped, it gives the attackers remote access, which they use to exfiltrate sensitive data, including credentials.

BazarLoader is managed by the same criminal group that is behind the Trickbot malware. The BazarLoader backdoor has improved its detection-evasion tactics, which increases its invasive capabilities. The attackers have therefore raised their game and made strategic changes to how they deploy Ryuk ransomware.

BazarLoader uses post-exploitation tools such as BloodHound and LaZagne to map the Windows domain and extract credentials.

Eventually, the threat actors behind Ryuk deploy the ransomware across the entire network. With this wider reach, the ransomware can force enterprises to pay massive ransoms.

Recent Attack Campaigns of Ryuk

The ransomware is now spreading actively, mostly targeting the healthcare sector. Its main focus is North America, South Asia, and Western Europe.

A joint report from Check Point and IBM says the ransomware targets approximately twenty companies per week. These attacks have been observed in the U.S., India, Sri Lanka, Russia, and Turkey.

In September 2020, the ransomware hit the American company Universal Health Services, an operator of hospitals and other healthcare-related services. That campaign used phishing as the vector to drop the threat.

Why Is Ryuk an Evolving Threat to Enterprises?

The reason for targeting enterprises is to get hold of larger volumes of data and demand a huge ransom.

A recent report by DFIR says the Ryuk ransomware takes only 29 hours to carry out its attack campaign, from the initial phishing against the target network, through compromising the target, to the final encryption process.

Secondly, Ryuk has been operating its data leak sites since August, which threaten to expose the leaked data of organizations that do not pay the ransom.

Soon after that, researchers also found Ryuk using the Binance exchange platform for Bitcoin transactions worth more than $1 million.

From the above analysis, it is clear that Ryuk is not going to stop here. It is becoming a persistent ransomware threat that keeps seeking ways to target bigger organizations.

Security experts therefore advise employees of organizations to adopt preventive measures against these attacks. Companies should also deploy effective anti-ransomware solutions across their network and services, down to the endpoint, to secure critical assets.

Whether home users, small businesses, or large organizations, everyone should start backing up their data, as this is the most important measure for fighting ransomware attacks.

Check Out ESET Business Solutions

ESET Antivirus and Internet Security

Review: ESET provides endpoint security and complete solutions for more than 1,000 devices. Its security solutions bundle:

  • endpoint protection,
  • data protection,
  • mail protection and more.

Besides that, its enterprise products and services also include training, professional services, and cloud-based security management, as well as zero-day threat detection and the implementation of advanced internet security.


Article sources:

  • Bleeping Computer
  • cyware.com