{"id":523,"date":"2018-08-22T11:41:47","date_gmt":"2018-08-22T11:41:47","guid":{"rendered":"http:\/\/esolutions.lt\/blog\/?p=523"},"modified":"2018-08-24T08:12:27","modified_gmt":"2018-08-24T08:12:27","slug":"ryuk-ransomware-two-weeks-of-existence-help-the-virus-generate-640-000-profit","status":"publish","type":"post","link":"https:\/\/esolutions.lt\/blog\/ryuk-ransomware-two-weeks-of-existence-help-the-virus-generate-640-000-profit\/","title":{"rendered":"Ryuk ransomware: two weeks of existence help the virus generate $640 000 profit"},"content":{"rendered":"<h2>Detailed Ryuk ransomware attacks appear to be tailored to each individual business separately<\/h2>\n<p>The hacker group behind this highly targeted ransomware attack made over $640 000. <a href=\"https:\/\/www.2-spyware.com\/remove-ryuk-ransomware.html\">Ryuk ransomware<\/a> has existed and been active for only two weeks, but the profit from 10 or even fewer victims has made these people rich. This virus attacks large businesses, and the demanded ransom amount reaches 50 BTC. This depends on the company and the time a\u00a0victim spends before paying. The ransom ranges from 15 to 50 BTC, but each day adds half a Bitcoin to the price. If a\u00a0victim waits longer than two weeks, there is no opportunity to get those files back.<\/p>\n<p>This ransomware needs to gain admin access to the system to run the processes it wants on the computer. This is why there is a lot of planning involved, and it is believed that the team behind this malware is experienced in this type of targeted attack. This attack involves extensive network mapping, credential theft and data encryption functions. Even the ransom message is more detailed when the attack is geared toward a big company.<\/p>\n<h2>The virus is showing different ransom notes for companies and PC users<\/h2>\n<p>Ryuk ransomware is a virus that performs targeted attacks\u00a0and, being financially motivated, is geared more towards large companies. 
This is because corporations are more likely to be willing to pay hefty amounts to get back to working\u00a0as smoothly as before. It is known that one company already paid more than $300 000 in bitcoin to the developers of this ransomware. It is not surprising\u00a0that only two weeks of these targeted attacks made the people behind this <a href=\"https:\/\/searchsecurity.techtarget.com\/definition\/malware\">malware<\/a> $600k richer already.<\/p>\n<p>According to reports from cybersecurity\u00a0researchers, this ransomware displays different\u00a0ransom notes for different victims. If Ryuk attacks a large company, it displays a lengthy ransom message that is written somewhat politely. It has more information about the attack, and the virus developers suggest paying the ransom because they can include tips and tricks on fixing system vulnerabilities and also software that supposedly makes it difficult for other hackers to get on the system. Also, the ransom note for average\u00a0people has nothing about test decryption or <a href=\"https:\/\/blog.storagecraft.com\/5-common-encryption-algorithms\/\">encryption methods<\/a>.<\/p>\n<h2>Functionality\u00a0similar to a North Korea-based hacker group<\/h2>\n<p>The infamous Lazarus hacker group had been spreading\u00a0similar malware called Hermes ransomware. This virus had a few versions already. Many researchers pointed out the similarities between Ryuk and this infection. It is either the same team using the same source code or a different team using the code of a well-known malware. Since it is fairly difficult for two different teams to use the same code and share other similarities, it is believed that Lazarus is behind Ryuk as well.<\/p>\n<p>This targeted attack infiltrates the system using the system\u00a0vulnerabilities that the developers mention in the bigger ransom note. 
But there is a possibility that the ransomware gets on the system by abusing poorly protected <a href=\"https:\/\/searchenterprisedesktop.techtarget.com\/definition\/Remote-Desktop-Protocol-RDP\">RDP<\/a> configurations. There are also phishing spam email campaigns, which are commonly used to spread malware around the world. All of these methods are silent and dangerous.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Detailed Ryuk ransomware attacks appear to be tailored to each [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":524,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/posts\/523"}],"collection":[{"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/comments?post=523"}],"version-history":[{"count":4,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/posts\/523\/revisions"}],"predecessor-version":[{"id":528,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/posts\/523\/revisions\/528"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/media\/524"}],"wp:attachment":[{"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/media?parent=523"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/categories?post=523"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/esolutions.lt\/blog\/wp-json\/wp\/v2\/tags?post=523"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}