RYUK virus running riot as it strikes down another victim in Tower

The City of New Bedford in the State of Massachusetts, USA, refused to cave to the demands of the hackers that attacked its systems in July of last year. The RYUK virus, a ransomware virus whose purpose is the financial extortion of a computer network’s operator, hit 58 workstations across the city and 4% of the municipality’s total computers were paralyzed by the attack. The hackers demanded $5.3 million, but the city refused to pay it and insisted on confronting the cyberattackers. According to estimates, the virus which New Bedford refused to bow down to was also the one which attacked Tower Semiconductor Ltd. over the past weekend and brought the Israel-based and Nasdaq-listed wireless chip and camera sensors manufacturer to shut down its systems.

Tower has yet to confirm that it has been hit by a virus and has only revealed that it suffered a cyberattack that resulted in a partial shut down of its production lines and its data and communications systems. It is believed that Tower wasn't the only Israeli company that came under attack by this virus over the past weekend.

Ransomware attacks are becoming more and more common over recent years, but 2020 still seems to be extraordinary. According to international accounting firm BDO, while in previous years ransomware attacks were directed mainly against easy and simple targets, over the past year there are more and more cases of massive ransom demands.

Wearables maker Garmin reportedly paid a $10 million ransom to unencrypt its computer files earlier this summer, while Mexican oil company Pemex was asked to pay $4.9 million by hackers and UK foreign exchange specialist Travelex is believed to have paid $6 million to attackers.

"Over the past year, we are seeing a significant increase in ransomware attacks against Israeli companies with a significant U.S. presence in ownership," said Noam Hendruker, Head of Global cybersecurity Consulting Group at BDO. "The two main types of ransomware attackers which we identify are Netwalker and RYUK, with the damage they are causing companies estimated at tens of millions of dollars. The way to deal with these attacks is with technology that identifies, blocks and prevents the attack, as well as increase the awareness among employees and IT workers regarding the characteristics of cyberattacks."

According to Lotem Finkelstein, Threat Intelligence Group Manager at cybersecurity giant Check Point, RYUK was first spotted in the summer of 2018 and its attacks are characterized by being so lethal that the IT, insurance and management of the attacked company have no option but to pay the ransom.

Finkelstein said that such an attack is only possible with cooperation between groups of cybercriminals. One group provides entry into the organization's systems, another makes sure the virus spreads through the computers and the third activates the ransomware and encrypts the company's digital assets.

"During the summer of 2018 we sequenced the digital structure of the RYUK virus and we found that it shares a similar structure to North Korean viruses," said Finkelstein. "Over the past few weeks we are seeing more RYUK-based attacks, mainly against companies that can afford ransom of hundreds of thousands of dollars. The attackers sometimes use a company's financial reports in order to justify their ransom requests."