Ryuk ransomware hits biotechnology firm

Another cyberattack. This time there are lessons in this case for every business or public sector organization to learn from.

Investigators and researchers are still learning of the scope of the cyberattack which has hit US government agencies and other victims around the world - AFP

Ryuk ransomware has established a foothold in a biotechnology research institute. This occurred through the activities of a student who was not keen to pay for the software required as part of a study program.

The latest cybersecurity incident was uncovered by security researchers. The inquiry revealed how a single student unwittingly became the conduit for a ransomware infection that cost a biomolecular institute a week’s worth of vital research. The event took place at an undisclosed European biomolecular research institute.

After the student downloaded and executed ‘cracked’ software, a remote desktop protocol (RDP) connection was registered by the institute, using the student’s credentials. Ten days after this connection was made, Ryuk was deployed on the network.

The net effect was to cost the institute a week of research data as backups were not fully up to date. In addition, system and server files had to be “rebuilt from the ground up,” according to the researchers, before the institute could resume normal working activity.

Ryuk ransomware was created by the hacker group Wizard Spider and it has compromised governments, academia, healthcare, manufacturing, and technology organizations. In 2019, Ryuk had the highest ransom demand at $12.5 million, and likely netted a total of $150 million by the end of 2020. For 2021, the use of the malicious software by rogue agents continues.

Gary Ogasawara, CTO, Cloudian, tells Digital Journal there are lessons in this case for every business or public sector organization to learn from.

Ogasawara considers the seriousness of the incident: “As evidenced by this student’s plight, internet-exposed RDP sessions are commonly exploited to infect end-user devices. Such sessions are intended to remotely log in to Windows computers and allow the user to securely control the device.”

We cannot rely on traditional forms of defense, says Ogasawara: “Unfortunately, hackers have become skilled at brute force attacks on these exposed computers that enable them to take advantage of RDP vulnerabilities and insert ransomware.”

For when such incidents happen, Ogasawara advises: “In the event that ransomware has been deployed on a network, protection at the storage level is crucial to ensure data remains secure and available.”

He also adds: “More specifically, by keeping an immutable backup copy of data, organizations can prevent cyber criminals from encrypting or deleting files. This way, they have an unencrypted copy for restore if an attack were to occur, enabling them to access their data without having to pay ransom.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
