Ryuk Ransomware Detection

November 6, 2020

This security bulletin shows how you can detect, defend, and respond to Ryuk Ransomware using Ordr.

Ryuk uses a couple of well-known trojans like Emotet and Trickbot for initial delivery, internal reconnaissance, command and control communication, credential harvesting, and other aspects of an Advanced Persistent Threat (APT) attack. This paper examines how Ordr can help detect, defend, and respond to these attack vectors employed by this APT attack.

Ryuk Ransomware Detection

Ordr Response to Log4j Vulnerability

Detecting and Responding to PrintNightmare

Detecting DarkSide Ransomware Used in the Colonial Pipeline Attack

University Hospital Southampton NHS Foundation Trust on Protecting Medical Devices from Cyber Attacks

NAME:WRECK - unlikely as an initial compromise, but here is what you should know

IoT/IoMT Risks and Mitigations and Ransomware Targeting Healthcare

Ordr Response to Verkada Breach

HAFNIUM - Ordr Can Identify Exchange Servers & Associated CVEs

Enhancing Threat Intelligence with Ordr SCE and STIX & TAXII 2.1

Ripple20 Update!

SolarWinds Orion – How Ordr Can Help

Modernizing Your Vulnerability Management Program in the Age of Unmanaged, Connected Devices

CISA Alert (AA20-302A) Ransomware Activity Targeting the Healthcare and Public Health Sector

Ordr CISO Threatcast - Ransomware Affecting Healthcare

Detecting and Mitigating Ripple20 Vulnerabilities

Ransomware in Healthcare Providers and Healthcare Delivery Organizations

A Primer on Preparing for and Responding to Ransomware for Users of IoT and IoMT

OSB-101719-v1.0 - Cisco Aironet Vulnerabilities and Mitigations

VxWorks URGENT/11

Detect and Mitigate Ripple20