Ryuk Ransomware Attack Sprung by Frugal Student (Security News, May 2021)
A European biomolecular research institute involved in COVID-19 research lost a week's worth of research data, all thanks to a Ryuk ransomware attack traced back to a student trying to save money by buying unlicensed software.
Security researchers at Sophos described the attack in a report.
The student's goof-ups advanced to a full-fledged ransomware attack because there weren't security measures in place to stop those missteps from happening, the researchers said.
From what security researchers can tell from the laptop - which was handed over for forensics after the ransomware attack unfurled - the student also had to disable the firewall to coax the time-bomb onto the computer.
Peter Mackenzie, manager of Rapid Response at Sophos, said that whoever was behind the cracked software was unlikely to be the same threat actor that was behind the resulting Ryuk attack.
Security experts are all singing the same tune: namely, that attacks are getting more vicious and more destructive, with extra time and effort spent on the removal of backups prior to ransomware deployment. Attackers are honing their nasty craft, as well: "They are becoming more sophisticated with new techniques designed to avoid detection, like running in virtual machines, Windows safe mode or completely fileless," Mackenzie told Threatpost.
News URL
https://threatpost.com/ryuk-ransomware-attack-student/165918/