Blackmail Is Not An Option…..Worried about Ransomware? Stop it before it starts!
November 2020 by Deep Instinct
At the heart and soul of our resilient cybersecurity prevention is our deep learning algorithms. The next wave in security technology is deep learning-based prevention. Deep Learning uses all available data to automatically infer the malicious or benign intent of a file. The outcome is high prevention efficacy with minimal false positives.
In its application to cybersecurity, deep learning can analyse millions of different possible files. As the training dataset gets larger and larger, the deep learning algorithms continuously improve. The unique ability to pick up on patterns that are too complex for any human or traditional AI to pick up on, gives deep learning its inherent value. That value is relevant for a large number of attack types, one of which is Ransomware.
Ryuk is a specific ransomware family that threatens in some cases to publish the victim’s data, while perpetually blocking access to it until a ransom is paid.
• Attacks tend to be highly targeted against English speaking users from companies which they select one at a time, either via spear phishing emails or Internet-exposed and poorly secured RDP connections.
• First identified in October 2018, several updates of Ryuk have appeared since its release, and in one of its latest updates, Ryuk was programmed to steal confidential military, financial, and law enforcement files.
Once infecting a system, Ryuk has established a pattern of killing over 40 processes and stopping more than 180 services, before beginning to encrypt files. Additionally, Ryuk requires admin privileges to run, therefore it maintains persistence by writing itself to the Run registry key.
• Ryuk is often distributed as a secondary payload of Emotet or Trickbot, which are spread through spam emails.
Ryuk was originally detected and prevented by Deep Instinct in a private hospital located in Southeast Asia. The over 200 bed facility has 3,500 agents deployed across multiple types of endpoints. If successfully executed within the hospital, the effects of Ryuk ransomware could be particularly devastating as its encryption methods are highly effective with the potential for shuttering entire network systems, potentially putting human lives at risk.
Deep Instinct detected Ryuk arriving as a secondary payload accompanied with an already existent Emotet installation. The payload was delivered through a malicious spam DOCX attachment where the virus was hidden in the document which the Deep Instinct D-Client prevented from downloading.
Deep Instinct’s deep learning-based security platform prevented the malicious document dropper contained in the spam email and the executable payload which is downloaded by the dropper. Since the solution prevented the attack pre-execution, the document dropper and the executable payload never made its way into the hospital.