Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network. The trend observed in attacks this year reveals a predilection towards targeting hosts with remote desktop connections exposed on the public internet. Using targeted phishing emails to deliver the malware continues to be a favored initial infection vector for the threat actor. The attackers ran reconnaissance on the victim in two stages. Once, to determine the valuable resources on the compromised domain, the objective is to find information on the company s revenue to set a ransom amount that the victim can afford to pay to recover systems.
Source: https://www.bleepingcomputer.com/news/security/ryuk-ransomware-operation-updates-hacking-techniques/