Ryuk Ransomware Partners with TrickBot to Gain Access to Infected Networks

New research indicates that the Ryuk ransomware actors may be using new types of malware to gain entrance to victims’ networks. As previously reported on by WaterISAC, the systems and networks of water utility in North Carolina were infected in October 2018 by Ryuk ransomware that had been dropped by the Emotet malware. In new reports by FireEye and CrowdStrike, researchers explain how “TrickBot” is now being used to get access. Once Trickbot infects a computer, it creates reverse shells back to the actors behind Ryuk so that they can manually infiltrate the rest of the network and install their payloads. TrickBot is commonly distributed through large malspam campaigns, which often masquerade as emails from various legitimate companies. Additionally, other research into Ryuk has led cybersecurity experts to believe Ryuk originated in Russia, not North Korea as originally thought. Read the full article at Bleeping Computer.