Ryuk Ransomware Decryptor Bug Could Lead To Loss Of Data

In response to reports that recent changes to the Ryuk ransomware encryption process resulted in a decryptor bug that could lead to data loss, an expert offers perspective below.

Experts Comments

December 11, 2019
James McQuiggan
Security Awareness Advocate
KnowBe4
The criminals behind Ryuk are evolving their attack vectors to reduce the time to encrypt data and in doing so, have caused an issue of destroying the data at the same time. Criminals want money and whether or not your data is maintained is not their concern; just getting the payday. Is there honor among thieves? If the public is aware that the encryption process destroys their files, they will not pay and the criminals won't receive any money. Could this be a bug in their software? Even the.....Read More
The criminals behind Ryuk are evolving their attack vectors to reduce the time to encrypt data and in doing so, have caused an issue of destroying the data at the same time. Criminals want money and whether or not your data is maintained is not their concern; just getting the payday. Is there honor among thieves? If the public is aware that the encryption process destroys their files, they will not pay and the criminals won't receive any money. Could this be a bug in their software? Even the criminals write buggy code Organizations want to backup their data and conduct regular testing of the backups to verify it can all be restored and maintain an offsite version of the data in the event of an onsite failure. Incident response programs need to include ransomware attacks, who needs to be contacted and the steps to be taken when the organization is unable to produce or function effectively. Finally, being able to monitor your networks and endpoints for large changes to data will allow an organization to respond quickly to a ransomware attack.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.