Ryuk Ransomware Now Deadlier


March 1, 2021

A new Ryuk ransomware variant has appeared in the wild, now with  worm-like capabilities.

According to the French national cyber-security agency (who discovered the variant), this version of Ryuk has the ability to self propagate and move from machine to machine.

Their report (which thankfully has been translated into English), and can be read here, says this nasty software lists all the IP addresses in the local ARP cache and is able to send faux-Wake-on-LAN packets to all the devices it discovers.

After that Ryuk mounts all sharing resources it finds  to encrypt the contents of those devices. Ryuk even leverages schtasks.exe  to help execute itself.

Who’s behind Ryuk?

Ryuk is a ransomware-as-a-service (RaaS) that was first uncovered in 2018 and has ruined days around the world ever since. These groups use private affiliate programs where people can submit applications and resumes for membership.

They’re pretty successful too. Last year they were able to collect $34 million from just ONE of their victims.

Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.

Carl Keyser is a Digital Marketing Specialist at Integris.

Keep reading

How the Best IT Companies in Minnesota Support the Hybrid Workforce

How the Best IT Companies in Minnesota Support the Hybrid Workforce

After the initial shutdowns and stay-at-home orders lifted following COVID-19, workers throughout the United States and Minnesota decided that the work-from-home model was here to stay. It makes sense -- working from home offers a lot of convenience to your team – and...