Ryuk Ransomware Infections Continue

Ryuk ransomware is impacting organizations around the world, including those in New Jersey. In many of the recent Ryuk infections, the targeted network is also infected with the Emotet and/or TrickBot trojan, which are used to move laterally across the network. Any credentials compromised by the trojans are used to identify new systems and determine which to infect with the Ryuk ransomware. Multiple Florida and Georgia municipalities were infected with Ryuk over the last several weeks, in addition to multiple other incidents that have occurred this year. The UK’s National Cyber Security Centre (NCSC) released an advisory, Ryuk Ransomware Targeting Organisations Globally, sharing details of their ongoing investigation into global Ryuk ransomware campaigns. The NJCCIC discourages victims from paying the ransom if impacted by a ransomware infection and, instead, ensure they have a comprehensive data backup plan. Organizations are advised to implement a defense-in-depth cybersecurity strategy and follow the principle of least privilege. In addition to the NCSC advisory, review the following resources from the NJCCIC, Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Cybersecurity and Infrastructure Security Agency (CISA):