Ryuk Ransomware group target victims

The Ryuk group is still actively trying to get into critical infrastructure providers, including health, power, water, energy, schools, and SLTTs. CISA has general guidance for operators to defend against many common ransomware attacks, which I will link below. What is new in the latest rounds of attacks is that the group has moved away from using off-the-shelf hacking tools to gain access to systems and is now using PowerShell and other built-in tools of common operating systems to avoid detection. This is a trend I have noticed from several threat groups over the last year or so.

https://securityintelligence.com/articles/ryuk-ransomware-operators-shift-tactics/?web_view=true  

CISA guidance

https://us-cert.cisa.gov/sites/default/files/publications/Ransomware_Executive_One-Pager_and_Technical_Document-FINAL.pdf

 

 

For more information, or to comment on this topic, visit Yet Another Security Blog.