Ryuk Ransomware Now Deadlier

Mar 1, 2021 3:01:24 PM

A new Ryuk ransomware variant has appeared in the wild, now with worm-like capabilities.

According to the French national cyber-security agency (which discovered the variant), this version of Ryuk has the ability to self-propagate and move from machine to machine.

Their report, which thankfully has been translated into English and can be read here, says this nasty software lists all the IP addresses in the local ARP cache and is able to send faux-Wake-on-LAN packets to all the devices it discovers.

After that, Ryuk mounts all the shared resources it finds in order to encrypt the contents of those devices. Ryuk even leverages schtasks.exe to help execute itself.
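The Wake-on-LAN step described above leaves a recognisable trace on the wire: one host waking many different MAC addresses in quick succession. The Python below is an added example (not from this post or the agency's report) that parses UDP payloads for the standard magic-packet layout and flags such sweeps. The packet layout, thresholds, IPs and MACs are assumptions constructed for illustration.

```python
from collections import defaultdict

SYNC = b"\xff" * 6  # magic packet preamble (standard WoL layout, assumed here)

def wol_target(payload: bytes):
    """Return the target MAC if payload holds a magic packet, else None."""
    i = payload.find(SYNC)
    while i != -1:
        mac = payload[i + 6:i + 12]
        # A magic packet is the preamble followed by the same MAC 16 times.
        if len(mac) == 6 and mac != SYNC and payload[i + 12:i + 102] == mac * 15:
            return mac.hex(":")
        i = payload.find(SYNC, i + 1)
    return None

def wol_sweeps(events, window=10.0, min_targets=5):
    """events: (timestamp, src_ip, udp_payload) tuples. Returns {src_ip: [MACs]}
    for sources that woke >= min_targets distinct MACs within `window` seconds."""
    seen = defaultdict(list)  # src_ip -> [(timestamp, mac)] inside the window
    flagged = {}
    for ts, src, payload in sorted(events, key=lambda e: e[0]):
        mac = wol_target(payload)
        if mac is None:
            continue
        recent = [(t, m) for t, m in seen[src] if ts - t <= window] + [(ts, mac)]
        seen[src] = recent
        targets = {m for _, m in recent}
        if len(targets) >= min_targets:
            flagged.setdefault(src, set()).update(targets)
    return {src: sorted(macs) for src, macs in flagged.items()}

def magic(mac: str) -> bytes:
    """Build a sample payload for the constructed capture below."""
    raw = bytes.fromhex(mac.replace(":", ""))
    return SYNC + raw * 16

# Constructed capture: one host sweeping eight MACs, one lone wake-up, one decoy.
SAMPLE = (
    [(100.0 + n * 0.2, "10.0.0.23", magic(f"02:00:00:00:00:{n:02x}")) for n in range(8)]
    + [(50.0, "10.0.0.5", magic("02:00:00:00:01:01")),
       (101.0, "10.0.0.23", b"\xff" * 6 + b"not a magic packet")]
)

if __name__ == "__main__":
    print(wol_sweeps(SAMPLE))
```

A single wake-up from an admin workstation stays below the threshold; tune `window` and `min_targets` to the environment's legitimate Wake-on-LAN usage.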

Who's behind Ryuk?

Ryuk is a ransomware-as-a-service (RaaS) that was first uncovered in 2018 and has ruined days around the world ever since. These groups use private affiliate programs where people can submit applications and resumes for membership.

They're pretty successful too. Last year they were able to collect $34 million from just ONE of their victims.

Written by Carl Keyser

Likes cybersecurity, emerging next-gen technology and long walks on the beach.
