Ryuk Ransomware

Understanding Ryuk Ransomware

Ryuk ransomware is a type of malicious software attack known for its targeting capabilities and high ransom demands. It was first discovered in August 2018 and has since become one of the most notorious and costly ransomware variants in existence. Unlike previous versions like WannaCry, Ryuk is specifically designed to focus on individual victims, making each attack unique. Cybercriminals behind Ryuk often carry out tailored infection methods and demand large sums of money.

What sets Ryuk apart from other ransomware is its emphasis on quality over quantity when selecting victims. The malware initiates a targeted attack on a specific victim, encrypts their files, and then demands an exorbitant ransom payment for their release.

These targeted attacks can take various forms, such as customized spear-phishing emails or the exploitation of compromised credentials to gain remote access to systems through Remote Desktop Protocol (RDP).

A spear-phishing email may contain Ryuk directly or serve as the initial step in a series of infections. Ryuk employs a combination of encryption algorithms, including the asymmetric AES-256 algorithm and the RSA 4096 algorithm. This means that Ryuk encrypts files using a symmetric algorithm and includes a copy of the symmetric encryption key encrypted with the RSA public key. When the victim pays the ransom, the Ryuk operator provides the corresponding RSA private key, enabling the decryption of the symmetric encryption key and subsequent decryption of the encrypted files.