
What is Ryuk Ransomware?

10 Feb 2023
4 Minute Read

Ryuk Ransomware is a type of malware that encrypts the files on a victim's computer and demands payment in exchange for the decryption key. This ransomware is one of the most notorious and damaging forms of cybercrime, as it can cause significant financial losses and disrupt the operations of individuals, businesses, and organizations.

Ryuk Ransomware is typically spread through phishing emails or through the exploitation of vulnerabilities in software and operating systems. Once the malware infects a computer, it encrypts the files on the system and adds a ".ryk" extension to the file names. The malware then displays a ransom note demanding payment in exchange for the decryption key.

The attackers behind Ryuk Ransomware typically demand payment in cryptocurrency, such as Bitcoin, making it difficult for authorities to trace the payment and track down the attackers. The ransom demands are usually substantial, ranging from thousands to hundreds of thousands of dollars.

Victims of Ryuk Ransomware face a difficult decision: pay the ransom or risk losing their valuable data permanently. In some cases, paying the ransom may not guarantee that the attackers will provide the decryption key, as there have been instances where victims have paid the ransom but the attackers did not provide the key.

To protect against Ryuk Ransomware and other forms of malware, it is important to implement security measures such as regular backups, software and operating system updates, and strong anti-virus protection. Additionally, users should be cautious when opening emails and attachments from unknown sources, and be mindful of any suspicious activity on their computer.
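One form of suspicious activity is a burst of files being renamed with the ".ryk" extension described above. The following is an added example, not part of the original article: a small detector that reads file-rename events and flags hosts where many files gain that extension in a short time. The event format, host names, threshold and time window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rename events in a hypothetical "time|host|old|new" format,
# assumed to arrive in time order.
SAMPLE_EVENTS = """\
2023-02-10T09:00:01|ws-01|C:/docs/a.docx|C:/docs/a.docx.ryk
2023-02-10T09:00:02|ws-01|C:/docs/b.xlsx|C:/docs/b.xlsx.ryk
2023-02-10T09:00:03|ws-02|C:/tmp/report.tmp|C:/tmp/report.pdf
2023-02-10T09:00:04|ws-01|C:/docs/c.pdf|C:/docs/c.pdf.ryk
2023-02-10T09:10:00|ws-03|C:/data/x.txt|C:/data/x.txt.ryk
2023-02-10T11:10:00|ws-03|C:/data/y.txt|C:/data/y.txt.ryk
2023-02-10T13:10:00|ws-03|C:/data/z.txt|C:/data/z.txt.ryk
"""

def parse_event(line):
    """Split one event line into (timestamp, host, old_path, new_path)."""
    ts, host, old, new = line.strip().split("|")
    return datetime.fromisoformat(ts), host, old, new

def detect_ryk_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {host: time of first alert} for hosts that rename at least
    `threshold` files to *.ryk within `window` (both values are assumptions)."""
    recent = defaultdict(deque)   # host -> timestamps of recent .ryk renames
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, host, old, new = parse_event(line)
        # Count only renames that newly add the extension.
        if not new.lower().endswith(".ryk") or old.lower().endswith(".ryk"):
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:     # drop renames older than the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in detect_ryk_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(f"ALERT {host}: burst of .ryk renames at {when.isoformat()}")
```

On the sample data only ws-01 is flagged: ws-02 performs an ordinary rename, and the three ".ryk" renames on ws-03 are hours apart.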

Simplified Example

Imagine you have a lemonade stand and you've been saving up your earnings to buy a brand new bike. One day, a stranger comes and puts a lock on your lemonade stand, and won't remove it until you give them some of your hard-earned money. That's similar to what Ryuk Ransomware does to computers. It puts a lock on your computer and won't let you access your files or use your computer until you pay the bad guys money. Just like the stranger took your lemonade stand profits, the Ryuk Ransomware takes control of your computer and makes it so you can't use it until you pay up.

Who Invented Ryuk Ransomware?

Determining the exact originator of the term "Ryuk Ransomware" is challenging due to the anonymity associated with cybercriminal activities. Researchers initially attributed its creation to the relatively unknown group CryptoTech, which was observed discussing Hermes 2.1 in an underground forum in August 2017. Once suspected of North Korean origin due to its targeting of government and financial institutions, Ryuk is now believed to be the product of multiple Russian cybercriminal cartels. While the inventor of the term itself remains unclear, "Ryuk" likely emerged within the cybercriminal community as a way to identify and discuss this specific ransomware strain.

Examples

Garmin: In July 2020, the GPS and fitness tracking company Garmin was hit by a Ryuk ransomware attack. The attack resulted in the company's systems being taken offline for several days, causing significant disruption to its operations. Garmin ultimately paid a ransom to the attackers in order to regain access to its systems and data.

Universal Health Services: In September 2020, the healthcare provider Universal Health Services was hit by a Ryuk ransomware attack that took its computer systems offline for several days. The attack resulted in widespread disruption to the company's operations, and the company ultimately paid a ransom to the attackers in order to regain access to its systems and data.

EDP Energy: In January 2021, the Portuguese energy company EDP was hit by a Ryuk ransomware attack that impacted its operations in several countries. The attack resulted in the theft of sensitive data, and the company was forced to pay a ransom to the attackers in order to regain access to its systems and data.

  • Ransomware: A type of malicious software that encrypts the files on a computer or network and demands payment from the victim in exchange for a decryption key.

  • WannaCry Ransomware: A type of malicious software that encrypts a user’s files, making them inaccessible unless a ransom is paid.
