Ransomware has repeatedly shaken businesses by attacking their data. According to a Robinson & Cole report on Lexology, the FBI recently issued a flash alert warning that RYUK ransomware has hit more than 100 U.S. companies. RYUK is expected to cause damage to organizations such as logistics and technology companies, small municipalities and government agencies.

On May 18th, 2019, Monster Cloud’s CEO Zohar Pinhasi said on WPTV that RYUK is the new ransomware taking down businesses and government agencies. Ryuk, which began hitting companies in August 2018, differs from many other ransomware families not because of its capabilities but because of the novel way it infects systems.

Ryuk was first seen in August 2018, when at least three organizations were hit with Ryuk infections, earning the attackers about $640,000 in ransom. Researchers at Check Point conducted a deep analysis of this threat, and one of their findings was that Ryuk shares many similarities with another ransomware family, Hermes: both contain numerous similar or identical code segments.

According to the FBI flash alert, once RYUK ransomware enters a system it deletes all files related to the intrusion, making it impossible to identify the infection vector. It steals credentials and brute-forces Remote Desktop Protocol (RDP) logins to gain access. After the attacker has gained access, further network exploitation tools can be downloaded onto the victim’s system. Once RYUK executes, it establishes persistence in the registry, injects into running processes, looks for network-connected file systems, and starts encrypting files.
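Since the alert names brute-forced RDP as the access vector, the most useful early signal for a defender is a burst of failed RemoteInteractive logons from one source followed by a success. The following detection logic is an added example written for this post, not code from the FBI alert or from G’SecureLabs; it runs over constructed sample lines in a simplified key=value export of Windows Security events (EventID 4625 = failed logon, 4624 = successful logon, LogonType 10 = RDP).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real telemetry). 203.0.113.7 shows a
# password-guessing burst that ends in a successful RDP logon.
SAMPLE_LOG = """\
2019-05-18T02:00:01 EventID=4625 LogonType=10 Account=administrator SourceIP=203.0.113.7
2019-05-18T02:00:04 EventID=4625 LogonType=10 Account=admin SourceIP=203.0.113.7
2019-05-18T02:00:06 EventID=4625 LogonType=10 Account=backup SourceIP=203.0.113.7
2019-05-18T02:00:09 EventID=4625 LogonType=10 Account=svc_sql SourceIP=203.0.113.7
2019-05-18T02:00:11 EventID=4625 LogonType=10 Account=administrator SourceIP=203.0.113.7
2019-05-18T02:00:15 EventID=4624 LogonType=10 Account=administrator SourceIP=203.0.113.7
2019-05-18T09:12:00 EventID=4625 LogonType=10 Account=jsmith SourceIP=192.0.2.44
2019-05-18T09:12:30 EventID=4624 LogonType=10 Account=jsmith SourceIP=192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"Account=(?P<acct>\S+) SourceIP=(?P<ip>\S+)$"
)

def parse(log_text):
    """Parse the simplified export into dicts with a datetime timestamp."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the export format
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return (source_ip, failures_in_burst, success_followed) for every source
    with >= threshold failed RDP logons inside `window`. A success right after
    the burst is the finding to triage first: the password was likely guessed."""
    by_ip = defaultdict(lambda: {"fail": [], "ok": []})
    for ev in events:
        if ev["lt"] != "10":
            continue  # only RemoteInteractive (RDP) logons are of interest here
        key = "fail" if ev["eid"] == "4625" else "ok" if ev["eid"] == "4624" else None
        if key:
            by_ip[ev["ip"]][key].append(ev["ts"])
    findings = []
    for ip, rec in by_ip.items():
        fails = sorted(rec["fail"])
        for i, start in enumerate(fails):
            burst = [t for t in fails[i:] if t - start <= window]
            if len(burst) >= threshold:
                success_after = any(start <= t <= burst[-1] + window for t in rec["ok"])
                findings.append((ip, len(burst), success_after))
                break  # one finding per source is enough
    return findings
```

The threshold and window are tuning knobs; a single user mistyping a password once (192.0.2.44 above) is not flagged at the defaults.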

The FBI asks victims to collect and provide information such as:

  • Recovered executable file
  • Copies of the “readme” file—DO NOT REMOVE the file or decryption may not be possible
  • Live memory (RAM) capture
  • Images of infected systems
  • Malware samples
  • Log files
  • E-mail addresses of the attackers
  • A copy of the ransom note
  • Ransom amount and whether or not the ransom was paid
  • Bitcoin wallets used by the attackers
  • Bitcoin wallets used to pay the ransom
  • Names of any other malware identified on your system
  • Copies of any communications with attackers

We at G’SecureLabs have the capabilities to keep you from becoming a victim. Our managed detection and response (MDR) solutions detect and prevent ransomware such as RYUK through the behavioural patterns ransomware exhibits, and ensure that RYUK is killed in the very early stages of execution. Our cybersecurity professionals achieve this using machine learning (ML) and indicators of attack (IOA) against these malware families. If you are a victim of a cyber-attack or ransomware, contact G’SecureLabs at security@gsecurelabs.com.

