A new Ryuk ransomware variant has appeared in the wild, now with worm-like capabilities.
According to the French national cyber-security agency (which discovered the variant), this version of Ryuk can self-propagate and move from machine to machine.
Their report, which thankfully has been translated into English and can be read here, says this nasty software lists all the IP addresses in the local ARP cache and is able to send faux-Wake-on-LAN packets to all the devices it discovers.
After that, Ryuk mounts all the shared resources it finds so it can encrypt the contents of those devices. Ryuk even leverages schtasks.exe to help execute itself.
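For defenders, one host sending Wake-on-LAN packets to many different machines in a short time is the network-visible part of the behavior described above. The following is an added detection example, not code from the agency's report; it assumes the packets use the standard magic-packet layout and arrive as (timestamp, source IP, UDP payload) tuples, and the names, window and threshold are hypothetical.

```python
from collections import defaultdict

WOL_SYNC = b"\xff" * 6  # a magic packet starts with six 0xFF bytes


def parse_wol_target(payload: bytes):
    """Return the target MAC if payload holds a WoL magic packet, else None."""
    start = payload.find(WOL_SYNC)
    while start != -1:  # the magic sequence may sit at any offset
        mac = payload[start + 6:start + 12]
        body = payload[start + 6:start + 6 + 16 * 6]
        # Valid: sync bytes followed by the same 6-byte MAC repeated 16 times.
        if len(mac) == 6 and mac != WOL_SYNC and body == mac * 16:
            return ":".join(f"{b:02x}" for b in mac)
        start = payload.find(WOL_SYNC, start + 1)
    return None


def find_wol_sweeps(packets, window=60.0, min_targets=5):
    """Flag sources that wake many distinct MACs within `window` seconds.

    packets must be sorted by timestamp. The thresholds are assumptions;
    tune them to the site's normal Wake-on-LAN use.
    """
    recent = defaultdict(list)  # src_ip -> [(timestamp, mac)] inside window
    flagged = defaultdict(set)
    for ts, src, payload in packets:
        mac = parse_wol_target(payload)
        if mac is None:
            continue
        hits = recent[src]
        hits.append((ts, mac))
        while ts - hits[0][0] > window:  # expire hits older than the window
            hits.pop(0)
        targets = {m for _, m in hits}
        if len(targets) >= min_targets:
            flagged[src] |= targets
    return {src: sorted(macs) for src, macs in flagged.items()}


def magic(mac_hex: str) -> bytes:
    """Build a magic packet for the constructed sample below."""
    return WOL_SYNC + bytes.fromhex(mac_hex) * 16


# Constructed sample capture: one host sweeping 8 MACs, one ordinary wake-up,
# and one payload that only resembles a magic packet.
SAMPLE = sorted(
    [(float(i), "10.0.0.23", magic(f"02000000aa{i:02x}")) for i in range(8)]
    + [(3.5, "10.0.0.5", magic("02000000bb01")),
       (4.5, "10.0.0.7", WOL_SYNC + b"not a magic packet")])
```

Calling `find_wol_sweeps(SAMPLE)` reports only 10.0.0.23; the single wake-up and the look-alike payload are ignored.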
Who’s behind Ryuk?
Ryuk is a ransomware-as-a-service (RaaS) operation that was first uncovered in 2018 and has ruined days around the world ever since. RaaS groups use private affiliate programs where people can submit applications and resumes for membership.
They’re pretty successful too. Last year they were able to collect $34 million from just ONE of their victims.