Ryuk ransomware established a foothold in a biotechnology research institute. The entry point was a student who was unwilling to pay for software required as part of a study program.
The incident was uncovered by security researchers. Their inquiry revealed how a single student unwittingly became the conduit for a ransomware infection that cost a biomolecular institute a week's worth of vital research. The event took place at an undisclosed European biomolecular research institute.
After the student downloaded and executed a 'cracked' copy of the software, the institute's network registered a Remote Desktop Protocol (RDP) connection made with the student's credentials. Ten days after that connection was made, Ryuk was deployed on the network.
The net effect was the loss of a week of research data, because backups were not fully up to date. In addition, system and server files had to be "rebuilt from the ground up," according to the researchers, before the institute could resume normal working activity.
Ryuk ransomware is attributed to the criminal group Wizard Spider and has compromised government, academic, healthcare, manufacturing, and technology organizations. In 2019, Ryuk had the highest ransom demand of any ransomware at $12.5 million, and it likely netted a total of $150 million by the end of 2020. Its use by criminal operators continued into 2021.
Gary Ogasawara, CTO, Cloudian, tells Digital Journal there are lessons in this case for every business or public sector organization to learn from.
Ogasawara considers the seriousness of the incident: “As evidenced by this student’s plight, internet-exposed RDP sessions are commonly exploited to infect end-user devices. Such sessions are intended to remotely log in to Windows computers and allow the user to securely control the device.”
We cannot rely on traditional forms of defense, says Ogasawara: “Unfortunately, hackers have become skilled at brute force attacks on these exposed computers that enable them to take advantage of RDP vulnerabilities and insert ransomware.”
For when such incidents happen, Ogasawara advises: "In the event that ransomware has been deployed on a network, protection at the storage level is crucial to ensure data remains secure and available."
He also adds: “More specifically, by keeping an immutable backup copy of data, organizations can prevent cyber criminals from encrypting or deleting files. This way, they have an unencrypted copy for restore if an attack were to occur, enabling them to access their data without having to pay ransom.”
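The two warning signs in this story are an RDP logon with a user's credentials well before the ransomware appears, and the brute-force attempts against internet-exposed RDP that Ogasawara describes. The following is an added example, not code from the article, from the researchers, or from Cloudian, showing how both can be picked out of Windows Security log events. It assumes a simplified record layout (fields `ts`, `id`, `user`, `type`, `src` mirroring the EventData of events 4624 and 4625), a hypothetical threshold of five failures within ten minutes, and hypothetical internal address ranges; the sample events are constructed for the demonstration.

```python
"""Flag suspicious RDP logons in Windows Security events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Windows Security log event IDs and the RDP logon type (real Windows values).
EVENT_LOGON_FAILED = 4625
EVENT_LOGON_SUCCESS = 4624
LOGON_TYPE_RDP = 10  # RemoteInteractive: RDP / Terminal Services

# Hypothetical tuning and site configuration; adjust to your environment.
FAILURE_THRESHOLD = 5           # failures before a success that count as brute force
WINDOW = timedelta(minutes=10)  # failures older than this are forgotten
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records, not real logs. Fields mirror the EventData of
# 4624/4625: TargetUserName, LogonType, IpAddress.
SAMPLE_EVENTS = [
    {"ts": "2021-02-01T02:10:05", "id": 4625, "user": "student01", "type": 10, "src": "203.0.113.45"},
    {"ts": "2021-02-01T02:10:07", "id": 4625, "user": "student01", "type": 10, "src": "203.0.113.45"},
    {"ts": "2021-02-01T02:10:12", "id": 4625, "user": "student01", "type": 10, "src": "203.0.113.45"},
    {"ts": "2021-02-01T02:10:18", "id": 4625, "user": "student01", "type": 10, "src": "203.0.113.45"},
    {"ts": "2021-02-01T02:10:25", "id": 4625, "user": "student01", "type": 10, "src": "203.0.113.45"},
    {"ts": "2021-02-01T02:10:31", "id": 4624, "user": "student01", "type": 10, "src": "203.0.113.45"},
    # Network (logon type 3) noise from the same address: not RDP, so ignored here.
    {"ts": "2021-02-01T02:11:00", "id": 4625, "user": "student01", "type": 3, "src": "203.0.113.45"},
    # Ordinary RDP logon from inside the campus network: no alert.
    {"ts": "2021-02-01T09:30:00", "id": 4624, "user": "jsmith", "type": 10, "src": "10.20.30.40"},
    # Single successful RDP logon straight from the internet: exposed RDP, flag it.
    {"ts": "2021-02-01T11:00:00", "id": 4624, "user": "labadmin", "type": 10, "src": "198.51.100.7"},
]


def is_internal(src: str) -> bool:
    """True if src lies inside one of the configured internal ranges."""
    try:
        addr = ip_address(src)
    except ValueError:  # 4625 records carry "-" when no address is known
        return False
    return any(addr in net for net in INTERNAL_NETS)


def analyze(events):
    """Return alerts for RDP brute force and for RDP logons from outside."""
    ordered = sorted(events, key=lambda e: e["ts"])  # ISO timestamps sort as text
    failures = defaultdict(list)  # (src, user) -> timestamps of recent 4625s
    alerts = []
    for e in ordered:
        if e["type"] != LOGON_TYPE_RDP:
            continue
        ts = datetime.fromisoformat(e["ts"])
        key = (e["src"], e["user"])
        # Forget failures that have aged out of the window before this event.
        failures[key] = [t for t in failures[key] if ts - t <= WINDOW]
        if e["id"] == EVENT_LOGON_FAILED:
            failures[key].append(ts)
        elif e["id"] == EVENT_LOGON_SUCCESS:
            if len(failures[key]) >= FAILURE_THRESHOLD:
                alerts.append({"kind": "rdp_bruteforce_success", "src": e["src"],
                               "user": e["user"], "ts": e["ts"],
                               "failures": len(failures[key])})
            failures[key].clear()
            if not is_internal(e["src"]):
                alerts.append({"kind": "rdp_logon_from_internet", "src": e["src"],
                               "user": e["user"], "ts": e["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert)
```

Run against the sample, the script raises three alerts: a brute-force success and an internet-sourced RDP logon for `student01` from 203.0.113.45, and an internet-sourced RDP logon for `labadmin`. The internal `jsmith` logon and the non-RDP failure are ignored. A successful logon from outside with no preceding failures, like the `labadmin` case, is exactly what a stolen credential looks like, which is why the second rule does not wait for a failure burst.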