Ryuk, a targeted and well-planned ransomware, has attacked various organisations worldwide. To date, the campaign has targeted several enterprises, encrypting hundreds of PCs, storage and data centers in each infected company.
While the ransomware's technical capabilities are relatively low, at least three organisations in the US and worldwide were severely hit by the malware. Furthermore, some organisations paid an exceptionally large ransom in order to retrieve their data, although the ransom amount varies among the victims.
An overview of Ryuk
Unlike common ransomware, which is systematically distributed via massive spam campaigns and exploit kits, Ryuk is used exclusively for tailored attacks. In fact, its encryption scheme is intentionally built for small-scale operations, such that only crucial assets and resources are infected in each targeted network, with infection and distribution carried out manually by the attackers.
This means extensive network mapping, hacking and credential collection are mandatory and take place prior to each operation. Like many other ransomware campaigns, the Ryuk campaign demands payment in Bitcoin. But unlike many attackers, the Ryuk operators are swinging for the fences with their demands.
It was found that one of the victims paid $320,000 and another paid $224,000. The attackers have been collecting the payments in a number of different wallets, using unique wallets for almost every victim. Once a victim has made a payment, the amount collected is distributed across a number of different wallets, which makes it difficult to trace and track the attackers.