Ryuk ransomware: makes more than half a million in two weeks and is not going to stop


In two weeks of existence, newly created ransomware has gained $640K

This virus targets mostly large corporations and demands hefty amounts of Bitcoin. Ryuk ransomware asks for 10-50 BTC, depending on the victim. The amount can grow even larger, since each day of the given two weeks adds 0.5 BTC to the ransom. As far as is known, there are only 10 victims so far, but at least one company reportedly paid $300,000 to the virus developers. The victims are mostly large companies and healthcare centers; it is believed that few average PC users are targeted by this ransomware, since big corporations offer more financial value.

This virus emerged in the second week of August, and during that time organizations in the United States were affected. Ryuk encrypted data stored on devices and even in data centers using the AES-256 and RSA-4096 encryption methods. After that, a ransom note was displayed on the screen. Since this was a targeted attack, there are two ransom note variants: one is geared toward senior people at corporations, the other is simpler and blunter. Both demand a payment in Bitcoin for the locked files.

The virus is linked to North Korea

Ryuk ransomware appears to be linked to the Lazarus hacking group, which operates out of North Korea. Based on the official report from Check Point, this attack targets enterprises that are capable of paying a huge ransom for their important data. The team behind the report says the attack is based on tailored campaigns involving extensive network mapping, credential stealing and compromise of the network, with the main goal of installing Ryuk on all systems.

Hermes ransomware was a product of Lazarus, and it has many similarities to Ryuk. This is the main reason the North Korea-based hacker group is believed to be connected with the Ryuk ransomware attack. The similarities in the code mean that either it is the same hacker group, or another team gained access to the source code of the previous attack. Based on its characteristics and functionality, it is believed that Ryuk ransomware will victimize many more enterprises.

Ransomware prevention requires more precautionary measures

In recent years, ransomware has evolved from an infection that affects regular PC users into malware that targets corporate organizations. This change is money driven: one 50 BTC ransom from a company equals 50 individual computer users each paying 1 BTC. It also means that the people behind these malicious programs adapt their products to the size of their target. Ransomware creators change the code with each version, making every new variant more dangerous than the previous one.

Companies, as much as regular users, need to step up the security of their networks, devices, and employees in general. Ransomware attacks, data breaches, and even privacy issues are a huge problem. Antivirus and anti-malware programs are also evolving in response to recent activity. The security of every device needs to be increased, and relying on a single tool for that is not enough: antivirus, anti-malware, and anti-spyware programs can each help. It is important to update software and applications regularly to close system vulnerabilities. Having a safe and clean system on the device can make a huge difference.