There have been some recent reports of a new form of Ransomware that can be extremely dangerous if installed. The new ransomware has a name of Ryuk. It is spread via email and phishing links. Once clicked on, it can lay dormant for weeks or months before it will activate.

Once it activates, it can search for and encrypt any file that is accessible. Local computer files and network files (mapped drives) can all be encrypted if accessible. Like typical ransomware, the attackers request a certain dollar amount and then promise a decryption key. There is no way to know whether they will actually give you the that decryption key. They are in complete control at that point.

An attack of this magnitude can be absolutely devastating to recover from. It is extremely time consuming and expensive, not to mention that if you have any type of private information (PHI, PII, PCI, etc.) stored on your system, it then becomes a reportable incident.

The link below provides some additional technical information.
Threat Assessment: Ryuk Ransomware

A couple items to keep in mind:

  1. Backups, backups, backups. Please make sure you have a backup in place of ANY data that is critical to your business. If you have good backups, then you will be able to recover without any decryption or payment. Good backups are a critical way to ensure that your network and data are recoverable if needed.
  2. Antivirus. Any of the paid antiviruses that we have reviewed are equipped to protect you from this (Trend, Cortex, and Carbon Black.) We are sure others have been updated to provide protection from this as well. Please be extremely cautious of free antivirus packages (AVG, Avast, etc.) at this time. No cliché has ever been more accurate than in the antivirus market, “You get what you pay for.”
  3. Email spam filters are also a great way to help minimize malicious emails. They are not perfect, but they can definitely be helpful in preventing unwanted emails from getting delivered.
  4. Check with your insurance carrier about Cyber Liability. If you have you a reportable incident, you will be extremely grateful that you have this. It not only helps financially, but they will also help with the discovery and reporting.
  5. ****The Most Important**** USER AWARENESS All of these types of incidents can 100% be avoided with user awareness, training, and caution. These infections cannot automatically install themselves. They have to be initiated by a user in some form or fashion. Please, use EXTREME caution with emails, email links, website links, text links, etc. If you are unsure or do not recognize the sender or the link, or if anything just doesn’t feel right, DO NOT OPEN IT. Pick up the phone and call the sender just to verify they sent you that email. Also, please limit any personal email or web activity to as close to zero as possible. Anything non-work related does not need to happen on the work network.

If you have any questions, please contact your local Kemper CPA Group office and we will connect you with one of our technology professionals.

Chris Kujawa, MCSE, MCST
Partner, Network Administrator