Morphisec Cybersecurity Blog

Security News in Review: Ryuk Ransomware Develops Self-Replication Capabilities

Written by Matthew Delman | March 6, 2021 at 2:00 PM

In this week’s edition of our cybersecurity news roundup, you’ll find reporting on ransomware gangs turning to virtual machine software, several high-severity vulnerabilities in the Linux kernel being resolved, and new capabilities in the Ryuk ransomware.

Read on for the latest Security News in Review, and let us know if we missed anything. 

Ransomware hackers turn to virtual machine software to boost extortion schemes -- Ransomware gangs have started to evolve their attacks from code written directly for Microsoft Windows machines to code that targets the hypervisor managing virtual machines. This is shown by recently observed code designed to affect ESXi, a hypervisor, with the goal of infecting the hypervisor and propagating to the virtual machines it runs.

Ryuk ransomware develops worm-like capabilities, France warns -- According to an analysis from the French National Agency for the Security of Information Systems, the Ryuk ransomware has developed worm-like self-replicating capabilities. From a functional perspective, this means that the ransomware can propagate without human interaction. The addition of new capabilities to Ryuk will be of special interest to the healthcare sector, where Ryuk ransomware was responsible for 75% of attacks. 

High severity Linux network security holes found, fixed -- A set of five critical vulnerabilities in the Linux kernel’s virtual socket implementation was found and fixed recently. The vulnerabilities exist when the kernel’s virtual socket multi-transport support is enabled, a feature typically used to facilitate communication between virtual machines and their host.

Microsoft Releases Out-of-Band Security Patches for Exchange Server -- Microsoft released several out-of-band security patches for multiple zero-day flaws that are actively being exploited in the wild. Organizations running Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019 products should apply these patches right away. The patches relate to the on-premises versions of Exchange Server, and not to Exchange Online. 

Google Chrome update fixes another worrying security flaw -- Google released Chrome version 89 recently to patch a zero-day described by the company as an “object lifecycle issue in audio.” Despite the vague description, the company rated the flaw as high severity and issued a patch to fix it. There are reports of an exploit being used in the wild, but Google did not share any information on potential threats in the update. 

Payroll/HR Giant PrismHR Hit by Ransomware? -- Payroll provider PrismHR appears to have been hit with a ransomware attack this past weekend. The company detected suspicious activity on Sunday, February 28, and disabled platform access for all of its users. According to reporting from KrebsOnSecurity, the company’s actions since the incident have all the hallmarks of a ransomware infection, although PrismHR has not confirmed an attack.