BazarLoader used to deploy Ryuk ransomware on high-value targets

Posted by & filed under Security Alerts.

The TrickBot gang operators are increasingly targeting high-value targets with the new stealthy BazarLoader trojan before deploying the Ryuk ransomware. For years, the TrickBot gang has been using their trojan to compromise enterprise networks by downloading different software modules used for specific behavior such as stealing passwords, spreading to other machines, or even stealing a domain’s Active Directory…

Ryuk Ransomware Took Down Maritime Facility in US

Posted by & filed under Security Alerts.

The U.S. Coast Guard (USCG) published a marine safety alert to inform of a Ryuk ransomware attack that took down the entire corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility. While the incident is still being investigated, the USCG says that a phishing email is most likely the point of…

Ryuk Ransomware Forces Prosegur Security Firm to Shut Down Network

Posted by & filed under Security Alerts.

In a statement at midday today (local time), Spanish multinational security company Prosegur announced that it was the victim of a cybersecurity incident disrupting its telecommunication platform. The company restricted communications with its customers to avoid malware propagation. According to Derecho de la Red, the malware strain used in the attack is Ryuk, delivered via Emotet…

How to remove Ryuk Ransomware (Uninstall guide)

Posted by & filed under Security Alerts.

Ryuk ransomware is a cryptovirus that targets companies with large ransom demands to make more profit from one attack. However, ransomware can also affect everyday users and corrupt or delete their data. You need a thorough system scan to terminate the malware in time. Ryuk is a ransomware virus that has already attacked and encrypted…

Ryuk Ransomware Adds IP and Computer Name Blacklisting

Posted by & filed under Security Alerts.

A new variant of the Ryuk Ransomware has been discovered that adds IP address and computer blacklisting so that matching computers will not be encrypted. This new sample was discovered yesterday by MalwareHunterTeam, who saw that it was signed by a digital certificate. After this sample was examined by security researcher Vitali Kremez, it was discovered that a few changes were…