#COVID19 Researchers Lose a Week's Work to Ryuk Ransomware

An organization involved in COVID-19 research lost a week’s worth of critical data after a Ryuk attack which used a stolen password, according to Sophos.



Cybersecurity vendor Sophos revealed the case yesterday as a cautionary tale of what can happen when organizations don’t follow security best practice.



The problem was traced back to one of the university students that the European research institute collaborates with as part of its outreach programs.



That student obtained what they thought was a 'cracked' version of a data visualization tool they needed; in reality it contained information-stealing malware. The individual apparently disabled Windows Defender and their PC firewall after the security tool triggered a malware alert before the download.



The malware harvested keystrokes and stole browser cookies, clipboard data and, it transpired, the student’s log-ins for the research institute.



“Thirteen days later a remote desktop protocol (RDP) connection was registered on the institute’s network using the student’s credentials,” Sophos explained.



“A feature of RDP is that a connection also triggers the automatic installation of a printer driver, enabling users to print documents remotely. This allowed the Rapid Response investigation team to see that the registered RDP connection involved a Russian language printer driver and was likely to be a rogue connection. Ten days after this connection was made, the Ryuk ransomware was launched.”
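The printer-driver detail above is a usable detection idea: an RDP logon and, seconds later, a redirected printer driver whose language does not match anything the organization uses. The script below is an added example written for this article, not Sophos code or anything from the affected institute. It correlates constructed log lines (Security event 4624 with LogonType 10 is the real Windows RemoteInteractive logon; the `PRINTER_DRIVER_ADDED` record, its field layout, the user names, IP addresses, driver names and the institute's expected locales are all assumptions) and returns the RDP sessions worth a closer look.

```python
"""Flag RDP sessions whose redirected printer driver carries an unexpected
locale. Added example: the log format below is constructed for illustration
and is not a real product's output."""
import shlex
from datetime import datetime, timedelta

# Constructed sample telemetry. 4624/LogonType=10 is the Windows RDP logon event;
# PRINTER_DRIVER_ADDED is an assumed normalized form of the spooler's
# driver-install record that printer redirection produces on connect.
SAMPLE_LOG = """\
2021-02-01T08:02:10Z EVENT=4624 LogonType=10 User=j.student SrcIP=203.0.113.44
2021-02-01T08:02:12Z EVENT=PRINTER_DRIVER_ADDED User=j.student Driver="HP Universal" Locale=ru-RU
2021-02-01T09:15:00Z EVENT=4624 LogonType=10 User=a.researcher SrcIP=10.10.5.20
2021-02-01T09:15:03Z EVENT=PRINTER_DRIVER_ADDED User=a.researcher Driver="Canon iR" Locale=en-GB
2021-02-01T11:40:00Z EVENT=4624 LogonType=2 User=b.admin SrcIP=127.0.0.1
2021-02-01T11:40:01Z EVENT=PRINTER_DRIVER_ADDED User=b.admin Driver="Local PDF" Locale=ru-RU
"""

# Assumed set of locales the institute's own workstations actually use.
EXPECTED_LOCALES = {"en-GB", "en-US", "de-DE", "fr-FR"}
# Redirected-printer setup happens right after the session opens, so the
# driver event must land within a short window after the logon.
WINDOW = timedelta(seconds=30)


def parse_line(line):
    """Turn one 'timestamp KEY=value ...' line into a dict with a parsed ts."""
    parts = shlex.split(line)  # shlex keeps quoted values such as "HP Universal" intact
    fields = dict(part.split("=", 1) for part in parts[1:])
    fields["ts"] = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    return fields


def find_suspicious_rdp_sessions(log_text, expected_locales=EXPECTED_LOCALES, window=WINDOW):
    """Return one alert per RDP logon followed (within `window`) by a printer
    driver install for the same user whose locale is not on the expected list."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    rdp_logons = [e for e in events if e.get("EVENT") == "4624" and e.get("LogonType") == "10"]
    driver_adds = [e for e in events if e.get("EVENT") == "PRINTER_DRIVER_ADDED"]

    alerts = []
    for logon in rdp_logons:
        for drv in driver_adds:
            if drv.get("User") != logon.get("User"):
                continue
            delta = drv["ts"] - logon["ts"]
            if not (timedelta(0) <= delta <= window):
                continue  # not the printer redirection of this session
            if drv.get("Locale") in expected_locales:
                continue  # a driver language the organization actually uses
            alerts.append({
                "user": logon["User"],
                "src_ip": logon["SrcIP"],
                "logon_time": logon["ts"].isoformat(),
                "driver": drv["Driver"],
                "locale": drv["Locale"],
            })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_rdp_sessions(SAMPLE_LOG):
        print(f"review RDP session: {alert}")
```

A driver locale on its own is a weak signal, which is why the correlation is restricted to RDP logons (LogonType 10) and to the seconds immediately after the session opens; the console logon from b.admin in the sample is deliberately ignored. In the incident described here the same signal would have been worth acting on because the account belonged to an external collaborator and the session opened well before the ransomware did.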



Although the unnamed biomolecular specialist had back-ups, they were not fully up to date, meaning that a week’s worth of vital research was lost. The firm also suffered a significant operational cost as all computer and server files had to be rebuilt from the ground up be ..
