Ryuk Ransomware: A Targeted Campaign Break-Down
Research by: Itay Cohen, Ben Herzog
Over the past two weeks, Ryuk, a targeted and well-planned ransomware, has attacked various organizations worldwide. So far the campaign has targeted several enterprises, encrypting hundreds of PCs, storage and data centers in each infected company.
While the ransomware’s technical capabilities are relatively low, at least three organizations in the US and worldwide were severely hit by the malware. Furthermore, some organizations paid an exceptionally large ransom in order to retrieve their files. Although the ransom amount itself varies among the victims (ranging from 15 BTC to 50 BTC), it has already netted the attackers over $640,000.
Curiously, our research led us to connect the nature of Ryuk’s campaign and some of its inner workings to the HERMES ransomware, a malware commonly attributed to the notorious North Korean APT Lazarus Group, which was also used in massive targeted attacks. This leads us to believe that the current …
IoC