Ryuk Ransomware Decryptor Bug Could Lead To Loss Of Data

In response to reports that recent changes to the Ryuk ransomware encryption process resulted in a decryptor bug that could lead to data loss, an expert offers perspective below.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
James McQuiggan
James McQuiggan , Security Awareness Advocate
InfoSec Expert
December 11, 2019 10:51 am

The criminals behind Ryuk are evolving their attack vectors to reduce the time to encrypt data and in doing so, have caused an issue of destroying the data at the same time. Criminals want money and whether or not your data is maintained is not their concern; just getting the payday.

Is there honor among thieves? If the public is aware that the encryption process destroys their files, they will not pay and the criminals won\’t receive any money. Could this be a bug in their software? Even the criminals write buggy code

Organizations want to backup their data and conduct regular testing of the backups to verify it can all be restored and maintain an offsite version of the data in the event of an onsite failure.

Incident response programs need to include ransomware attacks, who needs to be contacted and the steps to be taken when the organization is unable to produce or function effectively.

Finally, being able to monitor your networks and endpoints for large changes to data will allow an organization to respond quickly to a ransomware attack.

Last edited 2 years ago by James McQuiggan
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x