In response to reports that recent changes to the Ryuk ransomware encryption process resulted in a decryptor bug that could lead to data loss, an expert offers perspective below.
In response to reports that recent changes to the Ryuk ransomware encryption process resulted in a decryptor bug that could lead to data loss, an expert offers perspective below.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
The criminals behind Ryuk are evolving their attack vectors to reduce the time to encrypt data and in doing so, have caused an issue of destroying the data at the same time. Criminals want money and whether or not your data is maintained is not their concern; just getting the payday.
Is there honor among thieves? If the public is aware that the encryption process destroys their files, they will not pay and the criminals won\’t receive any money. Could this be a bug in their software? Even the criminals write buggy code
Organizations want to backup their data and conduct regular testing of the backups to verify it can all be restored and maintain an offsite version of the data in the event of an onsite failure.
Incident response programs need to include ransomware attacks, who needs to be contacted and the steps to be taken when the organization is unable to produce or function effectively.
Finally, being able to monitor your networks and endpoints for large changes to data will allow an organization to respond quickly to a ransomware attack.