Look out, SamSam. There’s a new ransomware in town that’s very carefully targeting enterprises and businesses. Say hello to Ryuk. In the first two weeks after its August debut, the ransomware made its operators over $640,000 USD. By contrast, SamSam has taken about three years to make its author about $6 million USD.
While the people behind Ryuk are on their way to their first million dollars worth of Bitcoin, they also think you should be very honored to be attacked by them. This is some of what their ransom note says:
“Gentlemen! Your business is at serious risk. There is a significant hole in the security of your company… You should thank the Lord for being hacked by serious people not some stupid schoolboys or dangerous punks… The final price depends on how fast you write to us. Every day of delay will cost you additional +0.5BTC… Nothing personal just business.”
Cryptocurrency values fluctuate wildly, but when I checked the Bitcoin to US dollar exchange rate on August 23rd, a Bitcoin was $6,410.74. So apparently each day an organization delays costs it more than a few grand. The main ransom amount demanded has varied from 15 to 50 Bitcoin, which is about $96,000 to $320,000. Because these attacks are so targeted, I believe the attackers may be adjusting their demand according to what they think their target can pay.
Like most other ransomware that targets the enterprise, Ryuk exploits Windows vulnerabilities. But unlike WannaCry, there isn’t one specific vulnerability that it always targets first, such as that notorious Windows SMB exploit. Ryuk’s cyber attackers will spend time mapping their targets’ networks and maliciously acquiring credentials. As Microsoft patches Windows and Cisco patches networking devices, the Ryuk team will probably find new vulnerabilities to exploit. And they do it all just for you!
It’s hypothesized that the people behind Ryuk are either North Korea’s Lazarus Group, or a group that has learned from Lazarus’ work. That’s because Ryuk resembles HERMES in many ways. HERMES was discovered in October 2017 when it was used against Taiwan’s Far Eastern International Bank to steal about $60 million through SWIFT. It’s strongly believed that Lazarus conducted that attack. The code used in Ryuk to place a marker to check that a file has been encrypted is identical to the code used for the same function in HERMES. Both Ryuk and HERMES are very selective of what they encrypt in a Windows system. They’ll encrypt what the target really needs, but not what they need in order to read the ransom note and make the Bitcoin payment. And they both go about the encryption process the same way, whitelisting specific Windows folders, writing a file called “window.bat” to each folder, and a script to delete shadow volumes and backup files.
Ryuk is also ready to exploit very old Windows systems, such as 32-bit Windows 2000. What is an OS that’s been out of support for so long doing on the internet? Or maybe those machines are just in an organization’s internal network, but the Ryuk black hats must have gotten into their targets’ internal networks through a machine that is connected to the internet. Any computer that runs an OS that’s no longer supported should be completely isolated from the internet, or exist as a virtual machine (that a network administrator can delete at will) if using that OS/version can’t possibly be avoided.
Ryuk also has a really nasty persistence technique. It simply writes itself to the Run registry key. Ouch!
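The two behaviours described above, deleting shadow volumes and backups and persisting through the Run registry key, are both noisy enough to be caught by endpoint telemetry. The following is an added detection example, not code from the original post or from Comodo; it runs two simple rules over a handful of constructed Sysmon-style events (process creation with a command line, and registry value writes) and flags shadow-copy deletion commands as well as Run-key entries that point at user-writable locations. The event format, the sample lines and the rule names are all assumptions made for this example.

```python
"""Flag Ryuk-style behaviours in constructed endpoint events (added example).

Two rules are applied:
  1. a process command line that deletes volume shadow copies
  2. a Run/RunOnce registry value whose data points at a user-writable path
"""
import re
from dataclasses import dataclass

# Constructed sample events, not real telemetry. Format: "event_type|image|detail".
# For process events the detail is the command line; for registry events it is
# "target_key=value_data".
SAMPLE_EVENTS = [
    "process|C:\\Windows\\System32\\cmd.exe|cmd.exe /c vssadmin delete shadows /all /quiet",
    "process|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic shadowcopy delete",
    "process|C:\\Windows\\explorer.exe|explorer.exe",
    "registry|C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe|"
    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost="
    "C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe",
    "registry|C:\\Program Files\\Vendor\\updater.exe|"
    "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater="
    "C:\\Program Files\\Vendor\\updater.exe",
]

# Well-known shadow-copy deletion invocations (vssadmin and WMIC).
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
]
# Any Run or RunOnce key under HKCU or HKLM.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
# Locations an ordinary user can write to; legitimate Run entries usually
# point into Program Files or the Windows directory instead.
USER_WRITABLE_RE = re.compile(r"^(C:\\Users\\|C:\\ProgramData\\|%APPDATA%|%TEMP%)", re.I)


@dataclass
class Finding:
    rule: str
    image: str
    detail: str


def check_process(image: str, cmdline: str):
    """Return a Finding if the command line deletes shadow copies, else None."""
    for pattern in SHADOW_DELETE_PATTERNS:
        if pattern.search(cmdline):
            return Finding("shadow_copy_deletion", image, cmdline)
    return None


def check_registry(image: str, detail: str):
    """Return a Finding for a Run-key value whose data lives in a user-writable path."""
    key, _, value_data = detail.partition("=")
    if RUN_KEY_RE.search(key) and USER_WRITABLE_RE.match(value_data):
        return Finding("run_key_persistence_user_writable", image, detail)
    return None


def scan(events):
    """Apply both rules to a list of 'type|image|detail' event lines."""
    findings = []
    for line in events:
        kind, image, detail = line.split("|", 2)
        finding = check_process(image, detail) if kind == "process" else check_registry(image, detail)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.image}: {f.detail}")
```

On the constructed sample, the two shadow-copy commands and the Run entry under the user's Temp directory are flagged, while the vendor updater under Program Files is not; in a real deployment the same two rules map directly onto Sysmon event ID 1 (process creation) and event ID 13 (registry value set).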
Only time will tell if Ryuk is the work of North Korea’s notorious Lazarus Group, or if we’re looking at the work of Lazarus Part Deux. The LulzSec to Lazarus’ Anonymous, if you will. (Well, not only time will tell, but also the work of dedicated malware researchers like the Comodo threat intelligence lab.)