The Ryuk cryptocurrency-stealing ransomware is still making its rounds. The malware, which is said to be used by the North Korea-linked hacking organization known as the Lazarus Group, has struck a U.S. Coast Guard facility, putting it dead in the water for a total of 30 hours before the damage could be reversed. As far as ransomware is concerned, Ryuk is picking up steam as the go-to solution for crypto thieves and hackers.
According to the Coast Guard, Ryuk reached a computer at the facility through an email phishing campaign. Once an employee clicked the malicious link, the malware was able to propagate easily across the network, disabling the facility’s operational capabilities.
An announcement released by the Coast Guard when the attack happened read, “Forensic analysis is currently ongoing but the virus, identified as ‘Ryuk’ ransomware, may have entered the network of the MTSA [Maritime Transportation Security Act] facility via an email phishing campaign. Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility’s access to critical files.”
It isn’t clear exactly when the attack happened or whether a ransom was paid. This is the second such assault the Coast Guard has had to fight off in less than a year; a similar incident took place last July.
Just a little less than a year before that, in September 2018, the Port of San Diego had been hit in another ransomware attack. Two months later, both the state of Louisiana and the Prosegur security company reported separate Ryuk ransomware attacks. As with the other cases, there was no information reported on whether or not a ransom was paid, or how much may have been sought.
Ryuk is the go-to ransomware for big payday attacks. It was first identified in 2018 and has been behind some of the most notable attacks since then. The amount the hackers ask for varies, but it is typically in the multimillion-dollar range. Virtual Care Provider, a company that provides tech services to nursing homes and acute care sites, was hit last November and its servers were completely disabled. Some 110 nursing homes had no access to patient records, the Internet, or accounting and pay data, and couldn’t order medications. The attackers demanded $14 million from the company, which didn’t say whether or not it paid anything.