Security News > 2020 > October > Ryuk Ransomware Attacks Continue Following TrickBot Takedown Attempt

The threat actor behind the Ryuk ransomware continues to conduct attacks following the recent attempts to disrupt the TrickBot botnet, CrowdStrike reports.

Referred to as WIZARD SPIDER, the adversary has been widely using TrickBot for the distribution of ransomware, and the recent attempts by the U.S. Cyber Command and Microsoft to disrupt the botnet were expected to put an end to such operations.

"The operation against the TrickBot network was orchestrated to take down the botnet, thus reducing BGH infections by WIZARD SPIDER's Ryuk and Conti ransomware families, with an ultimate goal of protecting the forthcoming U.S. elections from ransomware operations," CrowdStrike notes.

Starting September 2018, CrowdStrike notes, the Ryuk ransomware has been the most lucrative operation run by WIZARD SPIDER, as victims are believed to have paid over $61 million in ransom to recover files encrypted by Ryuk.

"The ultimate goal of the disruption operation against the TrickBot network was to impact and prevent ransomware infections []. While the valiant efforts of the cybersecurity teams involved in this complex operation undoubtedly had a short-term impact on WIZARD SPIDER's TrickBot network, the response by the criminal actors has been swift, effective and efficient," Crowdstrike concludes.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/QC743lIT4f4/ryuk-ransomware-attacks-continue-following-trickbot-takedown-attempt