In April of 2018, we warned you about an imminent increase in cyber-attacks from Russia and other foreign actors. This month, we want to highlight a specific piece of (suspected) Russian ransomware, Ryuk, which is currently making headlines. Ryuk Ransomware and its variants have shown up a number of times over the last year, and were most recently credited with delaying the delivery of many major newspapers, including the L.A. Times and the San Diego Union Tribune. In October, it was implicated in an attack on a North Carolina water utility.

Ryuk typically attacks through spam channels, and is often tailored specifically to its target. Once a network is infected, the attackers have shown a pattern of staying patient and studying their victims to determine their moneymaking potential. In some cases, they’ve waited up to a year to encrypt files and only then demand ransom. These tactics have proven to be very successful, as researchers have determined that Ryuk’s ransomware has brought in around $3.7 million in bitcoin over the last year.

So far, Ryuk Ransomware has primarily focused on larger targets, but as we know, ISPs are considered high-value targets for cyber-criminals. It’s extremely important to educate your employees and end-users on the common signs of a ransomware attack. Following basic rules like only opening emails and attachments from trusted sources and installing a strong anti-malware/anti-ransomware program like Tech Office for business endpoints can help fill the security needs of your business customers. Every business endpoint should utilize a strong defensive strategy that includes malware protection and cloud backup. By using Tech Office, businesses can turn a potentially devastating ransomware attack into a minor inconvenience.

If you have any questions about Tech Office or how SecurityCoverage can help you be prepared, please give us a call at 1-877-725-4839 or email us at
