{"id":16670,"date":"2019-10-23T10:52:17","date_gmt":"2019-10-23T18:52:17","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/10\/23\/news-10409\/"},"modified":"2019-10-23T10:52:17","modified_gmt":"2019-10-23T18:52:17","slug":"news-10409","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/10\/23\/news-10409\/","title":{"rendered":"VB2019 papers: Emotet and Ryuk"},"content":{"rendered":"

Targeted ransomware has become one of the biggest and most damaging cybercrime trends in recent years. ‘Targeted’ is a bit of a misnomer though: the operators of the ransomware rarely choose the victim organisations. Instead, they have the organisations ‘chosen’ through an infection with another piece of malware that is then used as a foothold for the ransomware.<\/p>\n

Quite often, this malware is Emotet, which made a spectacular comeback<\/a> in September. The ransomware is deployed often through a second malware family like Trickbot. Various ransomware families are making use of this scheme to be installed on high-value networks, with Ryuk<\/a> being one of the most prominent.<\/p>\n

\"f1_detected_samples.png\"Detected Emotet samples on a daily basis in 2019.<\/span><\/p>\n

A good understanding of Emotet and an ability to defend against it will allow one to fend off<\/a> many sophisticated targeted attackers, while an understanding of Ryuk and similar ransomware families will aid an overall understanding of how such malware then spreads through an internal network.<\/p>\n

\"Ryuk-Figure5.png\"Ryuk ransom note.<\/span><\/p>\n

Today we publish two relevant papers presented at VB2019, the 29th Virus Bulletin Conference. Sophos<\/em> researcher Luca Nagy presented a paper on Emotet, while Deloitte<\/em> researchers Gabriela Nicolao and Luciano Martins presented one on Ryuk. In addition to the respective papers, we have also uploaded the videos of the presentations to our YouTube<\/em> channel.<\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n