"#COVID19 Researchers Lose a Week's Work to Ryuk Ransomware"

According to security researchers at Sophos, an organization involved in COVID-19 research lost a week's worth of critical data after a Ryuk attack that used a stolen password.  The problem was traced back to one of the university students that the European research institute collaborates with as part of its outreach programs.  That student obtained what they thought was a 'crack' version of a data visualization tool they needed, except that it contained information-stealing malware.  The malware harvested keystrokes, stealing browser, cookies, clipboard data, and, it transpired, the student's log-ins for the research institute.  Thirteen days later, a remote desktop protocol (RDP) connection was registered on the institute's network using the student's credentials, the researchers stated.  Although the unnamed biomolecular specialist had backups, they were not fully up-to-date, meaning that a week's worth of vital research was lost. The firm also suffered a significant operational cost as all computer and server files had to be rebuilt from the ground-up before data could be restored.  The researchers stated that it is unlikely that the operators behind the 'pirated software' malware are the same as those who launched the Ryuk attack.

Infosecurity reports: "#COVID19 Researchers Lose a Week's Work to Ryuk Ransomware"