Ryuk Ransomware Attacks Continue Following TrickBot Takedown Attempt (October 2020)
The threat actor behind the Ryuk ransomware continues to conduct attacks following the recent attempts to disrupt the TrickBot botnet, CrowdStrike reports.
Referred to as WIZARD SPIDER, the adversary has been widely using TrickBot for the distribution of ransomware, and the recent attempts by the U.S. Cyber Command and Microsoft to disrupt the botnet were expected to put an end to such operations.
"The operation against the TrickBot network was orchestrated to take down the botnet, thus reducing BGH infections by WIZARD SPIDER's Ryuk and Conti ransomware families, with an ultimate goal of protecting the forthcoming U.S. elections from ransomware operations," CrowdStrike notes.
Since September 2018, CrowdStrike notes, the Ryuk ransomware has been the most lucrative operation run by WIZARD SPIDER, as victims are believed to have paid over $61 million in ransom to recover files encrypted by Ryuk.
"The ultimate goal of the disruption operation against the TrickBot network was to impact and prevent ransomware infections []. While the valiant efforts of the cybersecurity teams involved in this complex operation undoubtedly had a short-term impact on WIZARD SPIDER's TrickBot network, the response by the criminal actors has been swift, effective and efficient," CrowdStrike concludes.