Law enforcement and other government agencies across Georgia recently received an alarming warning regarding what is being characterized as a targeted and organized series of malware attacks. Shortly after this warning was released, more than 20 Texas agencies were crippled by ransomware.
Ryuk ransomware attacks are targeting law enforcement and government agencies for financial gain. The attacks cripple operations within these agencies, and to regain access to encrypted data and files the attackers demand a very large ransom, likely hundreds of thousands of dollars. According to the Georgia Bureau of Investigation, these attacks are suspected to have originated from North Korea, which adds an entirely new dimension to the ongoing "war" against malware.
Ryuk gets in two ways: email phishing and exposed Remote Desktop Protocol (RDP) ports that are not protected by a VPN, gateway or multi-factor authentication. What makes Ryuk so dangerous is that it is hard to prevent because it is "bespoke", meaning it is modified and tailor-made for a specific target. It spreads slowly and deliberately: rather than propagating automatically like a worm, it is spread by hand from within the network by the attackers once they have gained a foothold, which gives them time to locate backups and critical systems before encryption starts. It is crucial for the health and protection of your agency that preventative actions are taken and that staff and personnel are aware of and educated about Ryuk ransomware attacks. Two major risks that come with a Ryuk attack are the potential disabling of 911 dispatch and the crippling of law enforcement missions. Both of these scenarios have played out in previous ransomware attacks in Georgia.
We want to be sure your defense plans are well suited to protecting against Ryuk. Liberty uses a layered approach to defend against Ryuk: DNS/cloud security, network security, endpoint security, and machine-learning tools that detect abnormal network behavior. In addition to these controls, we go a step further and train our clients' users. It is important that users know how to spot abnormal or suspicious activity and which best practices to follow so that they themselves become, as we like to call it, human malware detectors. For example, filtering incoming email on its own can sharply reduce the success rate of phishing attacks. Without those best practices in place, all the malware protection tools in the world will not hold up against careless end-user mistakes.
Below we have listed some additional steps that you should take now in your efforts to prevent against Ryuk:
- Disable Remote Desktop on every computer on your network that does not need it, and never expose RDP (TCP 3389) directly to the internet
- Where you can't remove RDP, replace it with or place it behind a hardened remote-access solution that enforces two-factor authentication, and require Network Level Authentication on any host that must keep RDP enabled
- Require two-factor authentication for any changes to your network devices, including your servers and your clients. The second factor should be a physical smart card or USB key, not an SMS text message.
- Impose a password management policy on your network, including a requirement that all passwords be changed immediately. Any password that has been in use for a while should be treated as potentially compromised, so require new passwords now (privileged and service accounts first), set a maximum password age, and disallow password reuse.
- Make sure your backups are not reachable through a drive letter, mapped share or any other path the operating system can write to. Ryuk encrypts every volume and share it can reach and deletes local Volume Shadow Copies, so backups must be managed by backup software that writes protected (offline or immutable) copies that cannot otherwise be accessed from the network.
- Test the ability to recover your files to confirm that you really have a backup you can use. Then store those backups off-site in a cloud location or in a physical vault.
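The following script is an added example, not code from the original article or from eWeek. It audits a Windows host against the RDP, firewall and password-age items in the list above and, when run with `-Harden`, applies the RDP hardening. It assumes an elevated PowerShell 5.1 or later session on the host being checked; the 90-day `MaxPasswordAgeDays` default is an assumed policy value, and the domain-account check is left as a comment because it needs the RSAT Active Directory module.

```powershell
<#
 Added example (not from the original article or from eWeek): audits a Windows host
 against the RDP, firewall and password-age items in the checklist above, and applies
 the RDP hardening when run with -Harden. Run from an elevated PowerShell 5.1+ session.
 MaxPasswordAgeDays is an assumed policy value; adjust it to your agency's policy.
#>
param(
    [switch]$Harden,
    [int]$MaxPasswordAgeDays = 90
)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"
$findings = New-Object System.Collections.Generic.List[string]

# 1. Is Remote Desktop enabled? fDenyTSConnections = 1 means RDP is turned off.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
if ($deny -ne 1) {
    $findings.Add('Remote Desktop is enabled (fDenyTSConnections is not 1).')
}

# 2. If RDP stays on, Network Level Authentication must be required (UserAuthentication = 1),
#    so unauthenticated clients never reach the logon screen.
$nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
if ($deny -ne 1 -and $nla -ne 1) {
    $findings.Add('RDP is enabled without Network Level Authentication.')
}

# 3. Firewall: an enabled inbound Remote Desktop rule whose remote address is 'Any'
#    means TCP 3389 is reachable from anywhere that can reach this host.
$rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -ErrorAction SilentlyContinue |
            Where-Object { $_.Enabled -eq 'True' }
foreach ($rule in $rdpRules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -contains 'Any') {
        $findings.Add("Firewall rule '$($rule.DisplayName)' allows RDP from any remote address.")
    }
}

# 4. Is anything actually listening on TCP 3389 right now?
$listener = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
if ($listener) {
    $findings.Add('A process is listening on TCP 3389.')
}

# 5. Password age: enabled local accounts whose password is older than the policy maximum
#    (or was never set). On a domain member, run the same check against AD with
#    Get-ADUser -Filter * -Properties PasswordLastSet (requires the RSAT AD module).
$cutoff = (Get-Date).AddDays(-$MaxPasswordAgeDays)
Get-LocalUser |
    Where-Object { $_.Enabled -and ($null -eq $_.PasswordLastSet -or $_.PasswordLastSet -lt $cutoff) } |
    ForEach-Object {
        $findings.Add("Local account '$($_.Name)' has a password older than $MaxPasswordAgeDays days (or never set).")
    }

# Report the audit result.
if ($findings.Count -eq 0) {
    Write-Output 'No findings: RDP is off and no local password exceeds the maximum age.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}

# Optional hardening: turn RDP off, require NLA, and disable the inbound RDP firewall rules.
# On a host that must keep RDP, instead keep NLA on and scope the rule's RemoteAddress to
# the VPN or gateway subnet rather than disabling the rule.
if ($Harden) {
    Set-ItemProperty -Path $tsKey  -Name fDenyTSConnections -Value 1
    Set-ItemProperty -Path $rdpKey -Name UserAuthentication  -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    Write-Output 'Hardening applied: Remote Desktop disabled, NLA required, inbound RDP firewall rules disabled.'
}
```

Run it without arguments first (`.\Audit-Rdp.ps1`) to see the findings, review which hosts genuinely need RDP, and only then run `.\Audit-Rdp.ps1 -Harden` on the rest. The script changes nothing unless `-Harden` is given, and it does not touch the two-factor or backup items, which are configured in your remote-access gateway and backup software rather than on the endpoint.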
These steps are adapted from an eWeek article that you can find here.
We want you to be as prepared as possible in your security plans to defend against Ryuk. Contact us at firstname.lastname@example.org for more info on Ryuk Ransomware and how to protect your organization against it.