Data Resolution LLC Battles Ryuk Ransomware Attack
In our August 24, 2018 column here on Hackercombat.com, we reported the rise of Ryuk ransomware, allegedly created by the North Korean regime, as one of the most profitable ransomware strains of the first two weeks of August 2018. Data Resolution, the California-based data warehousing and cloud computing firm, has been suffering from a Ryuk ransomware infection since Christmas Eve 2018. The infection began with unauthorized access using a previously unknown login credential on Dec 24, 2018.
Data Resolution engineers had no choice but to shut down the services hosted on the affected servers in a desperate attempt to halt the further spread of Ryuk ransomware. At the time of this writing, disinfection and restoration of data from backup are under way to return the affected machines to normal operation.
The company has guaranteed customers that no data breach occurred; rather, the aim of the Ryuk ransomware was to solicit a ransom payment from Data Resolution LLC in exchange for data decryption. The restoration priority is the email and database hosting services that the company offers to its loyal customers. Data Resolution also hosts the Microsoft Dynamics GP accounting system for its clients, which needs to be prioritized for restoration so as not to affect the clients' critical payroll processing needs.
Cloud application providers such as Data Resolution are on the front lines of damaging malware attacks like ransomware, as they directly interact with critical user data. Cloud computing platform clients are businesses that are still highly dependent on classical desktop apps. Giving them the choice to migrate all their apps to the cloud for remote access, instead of hosting individual apps on each machine, gives end users flexibility and convenience, as they can access their apps anywhere there is an Internet connection.
Malware infestation is more damaging to small and medium enterprises than to large companies. This has to do with the IT spending budget of a small or medium enterprise, which may barely meet basic cybersecurity defense requirements, compared to a large firm with greater spending capability. Credible backup infrastructure is critical in reversing the damage caused by ransomware, as a safe backup of data can be restored, overwriting the damaged system with a known good copy of the data. Being a cloud computing platform vendor, Data Resolution is equipped with reasonable backup infrastructure to reverse the damage and restore the affected servers to normal conditions.
“The biggest cloud operators, like Google, Amazon, and IBM, have hired some of the brightest minds in digital security, so they won’t be easy to crack. But smaller companies are likely to be more vulnerable, and even a modest breach could lead to a big payday for the hackers involved,” explained the Bureau Chief of MIT Technology Review, a technology consulting firm.
Data Resolution has refused to pay Ryuk ransomware’s developers any ransom and is instead trying to rebuild its data using its backup infrastructure. Affected clients were notified separately by the company on Dec 29, 2018, with the details of the issue and the latest updates they had since that date.
Julia Sowells