Threat Actors Couple TrickBot Trojan with Ryuk Ransomware
Researchers at several cybersecurity firms are reporting that Ryuk, a ransomware variant likely developed by financially-motivated cyber-criminals and responsible for a recent infection at multiple US news outlets, is now being delivered to victims subsequent to a TrickBot trojan infection. After an initial TrickBot infection, threat actors determine which networks belong to the largest companies or government organizations to target in order to maximize payouts by demanding a larger ransom amount. These threat actors have also been seen renting installations from the Emotet trojan authors to deploy TrickBot and Ryuk. According to Crowdstrike, Ryuk threat actors have profited over $3.7 million since August. The NJCCIC recommends reviewing the research by Crowdstrike, FireEye, Kryptos Logic, and McAfee and employing best practices to defend against threats such as TrickBot, Emotet, and Ryuk, including a defense-in-depth cybersecurity strategy, an endpoint detection and response solution, and a comprehensive data backup plan.