Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware
January 10, 2019 Alexander Hanel Research & Threat Intel
WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as "big game hunting," signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.
The actor name GRIM SPIDER was introduced into CrowdStrike's nomenclature in September 2018 for the group that operates the Ryuk ransomware as a distinct sub-group of the WIZARD SPIDER criminal enterprise. However, in June 2019, further evidence emerged that allowed CrowdStrike to assess with high confidence that Ryuk is in fact operated as part of the core WIZARD SPIDER actor group.
CrowdStrike Intelligence will now solely use the actor name WIZARD SPIDER …
IoC