An institute in Europe fell victim to the notorious Ryuk ransomware because of a student’s reluctance to pay for licensed software. The attack resulted in the infection of computer networks and the loss of several weeks of critical research work.
According to a report from the information security company Sophos, the victim is a biomolecular research institute in Europe. The affected organization turned to Sophos for help, and the company’s specialists were able to find out how the ransomware penetrated its computer networks. The name of the institute was not disclosed, but it is known that it is engaged in research on COVID-19.
The organization works closely with local universities and brings in students to work on some projects. As the investigation showed, it was a student who caused the ransomware infection of the institute’s networks. The young man wanted a free copy of virtualization software whose subscription costs hundreds of dollars a year.
After posting on an Internet forum in search of the program, the student eventually decided to download a cracked version. Windows Defender raised an alert, so the young man turned it off, and did the same with the firewall. However, instead of the desired virtualization software, a Trojan was installed on his system and stole the student’s credentials for accessing the institute’s network.
Thirteen days after the student launched the cracked software, the institute registered an RDP connection to its network. According to the researchers, access to the institute’s network was sold on the black market, and the RDP connection was a test. Ryuk ransomware was deployed on the network 10 days after that connection.
Ryuk is one of the most popular ransomware programs of our time, and it is constantly being improved. The Ryuk family, including new worm-enabled designs, encrypts networks and files, denying users access to them and demanding a ransom to restore them.
As I reported earlier, the ransomware operators “earned” more than $150 million in total. I also told you that a new variant of Ryuk ransomware has the features of a network worm.