How to Protect Your Enterprise From Ryuk Ransomware Attack
Today’s topics include the right strategy to help enterprises avoid the Ryuk ransomware, and CastHack exposing Google Chromecast users to risk.
Professional North Korean attackers are using the Ryuk malware to slowly and methodically penetrate networks and carry out ransomware attacks, including ones on DataResolution.net and Tribune companies.
According to Stu Sjouwerman, CEO of KnowBe4, the two ways these attackers break into your network are through phishing and RDP attacks.
To protect your enterprise, consider these steps: Disable Remote Desktop on every computer on your network. Where you can’t remove RDP, replace it with a secure third-party version that provides two-factor authentication. Require two-factor authentication for any changes to your network devices. Impose a password management policy on your network. Make sure your backups don’t use disk letters or any other method that allows access through the operating system.
Finally, test the ability to recover your files to confirm that you have a backup you can use. Then store those backups off-site in a cloud location or in a physical vault.
A pair of hackers have been sending unauthorized content and messages to unsuspecting Google Chromecast media streaming device users. The attack, dubbed "CastHack," identifies Google Chromecast devices that have been exposed to the public internet and then abuses capabilities in Chromecast to post a message to victims asking them to subscribe to the channel of popular YouTube streamer PewDiePie.
In an FAQ, the two attackers wrote, "If you came here because you're a victim of #CastHack, then know that your Chromecast/SmartTV/GoogleHome is exposed to the public internet, and is leaking sensitive information related to your device and home.”
The attackers said the CastHack leak can enable a remote attacker to learn what WiFi network a vulnerable device is connected to and what Bluetooth devices have been paired to the device.