Google Drive being used to spread RYUK Ransomware


Universal Health Services, University of Vermont Health Network, the Sky Lakes Medical Center in Oregon, St Lawrence Health System in New York, and the Dickinson County Healthcare System in Michigan and Wisconsin have all made it official that they have fallen prey to RYUK Ransomware.


A preliminary (prima facie) investigation launched by the FBI revealed that the ransomware was most likely being distributed by the Trickbot malware, which was operating as a trigger point to deliver the file-encrypting malware to thousands of infected computers. Microsoft then obtained a court order on October 12, 2020, to take measures to shut down the entire Trickbot network.


However, on October 25th of this year, cybersecurity firm Sophos came up with another theory, saying that the RYUK malware was being distributed through Google Drive: the hackers were seen sending infected document links via email to employees working for healthcare firms and asking them to view the document by clicking the link.


As per the FBI's advisory, the discovery is true. After clicking the document link, recipients usually see a message saying that the preview of the document has failed and that they have to click a URL to see the content of the document, a URL that is seen hosting a malware payload.


Sophos, in association with the FBI and Homeland Security, is advising online users to avoid clicking links in emails that lead to files hosted on Google Drive.


Note 1- In the year 2020 alone, security researchers from SonicWall detected a significant surge in the spread of RYUK Ransomware: more than 66.8 million RYUK cyber attacks were detected, constituting 38.7% of all ransomware attacks this year. Security analysts blamed the increase on the shift to remote and mobile workforces caused by the global shutdown during the COVID-19 pandemic.


Note 2- Those spreading RYUK Ransomware are seen demanding 15-50 Bitcoins in exchange for the decryption key, which amounts to approximately $100,000 to $500,000.


Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security.