Cyber criminals are currently using malware called Ryuk to encrypt company data and demand a ransom. The encryption software Ryuk has reached Europe. Combined with two older Trojans, it enables attackers to make customized extortion attempts. Apparently quite a few companies have already been affected.
Ryuk Is Actually Only The Final Stage In A Series Of Malicious Software Infections
The Ryuk infection begins with the Trojan called Emotet, which has been on the move since early December. Emotet reads out contact information and email content from the affected mailboxes in order to individualize emails and make the malware easier to spread. With the information collected, Emotet imitates real senders and recipients to make the emails look as authentic as possible. If a user is fooled and opens the documents in the file attachment, another infection is imminent.
If a user opens the Word document from the email attachment, Emotet continues the infection. This is done via macros, if they are activated. Emotet then begins to analyze the network to find out whether it belongs to a private user or a company. If the affected network is considered suitable, Emotet loads another piece of malware called TrickBot. TrickBot then collects information and ensures data flow. While doing so, it primarily accesses account data and thus provides insight into the financial situation of a company.
What Should You Do If You Are Affected?
You should definitely report the attack. A successful cyber attack that is not reported can lead to serious legal consequences, especially if personal data from third parties is stolen. In addition, you should inform those around you, especially your email contacts, to limit the spread of the malware. Also change your access data to prevent further access by the attackers. To be really sure that all of the malware is removed, the affected system should be set up again. This prevents parts of the malware from remaining somewhere in your system.