
After Florida, Indiana & Canada, the same ransomware infects China

Specialists in system audits have detected a new ransomware variant that has already managed to infect more than a hundred private companies and government institutions in the United States and, most recently, in China. Tencent, the company in charge of the report, claims that the attacks are directed from Asian territory.

The report mentions that this encryption
malware is a new variant of the well-known Ryuk ransomware,
mainly employed in cyberattacks against logistics & technology companies and
local governments. According to an FBI report, the operators of this campaign
are believed to have obtained about $5M USD in Bitcoin transfers.

Recently, the government of Lake City, Florida,
decided to pay more than $400k USD in Bitcoin to a hacker group after its
systems were infected with this ransomware variant, causing a small
bureaucratic crisis in the city. Just days earlier, Riviera Beach officials,
also in Florida, paid a ransom of more than $500k USD for an infection of the
same encryption malware.

According to system audit specialists, the
Ryuk ransomware is a variant of the Hermes virus created sometime in 2018. Ryuk
infections are usually spread through botnets or spam campaigns and get into
victims’ systems by exploiting undefined IP ports.

“When successfully installed, the
ransomware proceeds to remove any files that may give away its presence, as
well as interrupt the activity of the antivirus software of the infected
system”, the specialists mention. Finally, on starting any Internet
browser, victims find the attackers' ransom note, along with
instructions for making the transfer in Bitcoin
(sometimes another type of virtual asset is requested).

According to system audit experts from the
International Institute of Cyber Security (IICS), security firms and agencies
like the FBI have been on the trail of this malware for at least a year. It has
also been mentioned that this Chinese variant of Ryuk
is capable of running on 32-bit and 64-bit systems, which greatly expands the
potential scope of the infection. The total number of
victims so far is still unknown.
