The ransomware launched against newspapers nationwide is not your typical malware. Experts say Ryuk is “artisanal” and meant to be used against certain companies for maximum disruption.
(TNS) — Malware comes in many forms.
Bad links can lead to obnoxious adware that unleashes a plague of pop-ups. Nefarious attachments can hijack your processor for a bitcoin-mining botnet.
Ryuk, a malware program believed to have been used in an attack that hobbled newspapers nationwide, is a sophisticated twist on an extortionate classic.
Once Ryuk gets into a network, it automatically spreads from computer to computer, node to node, encrypting important files along the way with an unbreakable code. Try to access the encrypted data, and the malware presents a ransom note: deposit bitcoin into an anonymous wallet and receive a key to decrypt your entire system. Refuse to pay, and the files remain locked for good.
This piece of ransomware managed to throw a monkey wrench into
The problem surfaced near midnight Thursday, when sports editors at the
By Monday, problems in production and delivery were largely resolved, said
A screenshot of affected company files obtained by The
Such attacks are increasingly common. In 2016, devices and medical records at
Ryuk appeared on the radar of cybersecurity experts in August, when the security researchers MalwareHunterTeam reported five initial victims. An analysis by
Despite the similarity in the code, determining the origin of an attack is very difficult, as is establishing any links to state actors.
“Really the only way is, once you go in and raid someone and knock down their door and seize their computers, you find the code on their computers,” said
The name Ryuk appears to be a reference to a character in the popular anime and manga series “Death Note.” In the comics, Ryuk is a demon of death who, bored with his immortality, decides to introduce into the world a notebook that allows its finder to kill anyone by writing their name.
Most ransomware attacks come from programs that target a vast number of individuals with infected links or attachments, and then ask for a small amount of money to unlock the computers, said
Ryuk, he said, is different.
“Commodity ransomware like GandCrab has a large affiliate program, many possible infection vectors and a constant drip of victims and ransom payments,” Herzog wrote in an email. “Ryuk, in contrast, is a relatively ‘artisanal’ malware,” which is used to target specific companies with little tolerance for disruption such as hospitals, ports, and, now, apparently, newspapers.
Since emerging as a mass phenomenon over the past few years, ransomware and those who deploy it have been locked in an arms race with security systems and researchers. Both have become more sophisticated as a result.
“Early [attacks] were very basic, and just encrypted whatever files the person had access to,” Neuman said.
Newer models can exploit known security weaknesses to jump from user to user, accessing more secure files along the way.
The Check Point security analysis did not find that Ryuk had a method for automatically spreading across a network, which
©2019 Los Angeles Times. Distributed by Tribune Content Agency, LLC.