Ryuk, a bitcoin ransomware virus, is now targeting Chinese enterprises. It has already breached over 100 government and private entities in the US and is now hitting China.

Ryuk has hit China's logistics and technology sectors, as well as small municipalities that hold high-value data. It is asking for a ransom of around $5 million in bitcoin. The same malicious code was also suspected in the Tribune Publishing hack, which affected various media outlets. Many similar ransomware attacks took place in the US in the months afterward.

This bitcoin ransomware resembles an improved version of the Hermes virus. It gets in through the usual botnet and spam techniques and targets undefended network ports. Once installed, it first deletes all files associated with intrusion detection and antivirus software and hides the infection vector. In one case, however, the FBI found evidence that it had entered through the Remote Desktop Protocol (RDP).

It also leaves a ransom note, a file named “RyukReadMe”, displayed in the victim's web browser. The HTML page shows only the email addresses of two hackers, the virus's name, and the phrase “balance of shadow universe”.
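
A triage sketch for the ransom note described above, added here as an example and not taken from the original article: it walks a directory tree and flags files whose name starts with “RyukReadMe” or whose content contains the quoted phrase, collecting any email addresses it finds. The matching rules, function names and sample files (with example.com addresses) are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Indicators come from the article; matching rules are assumptions of this example.
NOTE_NAME_PREFIX = "ryukreadme"            # file name, compared case-insensitively
NOTE_PHRASE = "balance of shadow universe"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAX_READ = 1024 * 1024                     # notes are small; cap bytes read per file

def inspect_file(path):
    """Return a finding dict if the file looks like the ransom note, else None."""
    name_hit = os.path.basename(path).lower().startswith(NOTE_NAME_PREFIX)
    try:
        with open(path, "rb") as fh:
            text = fh.read(MAX_READ).decode("utf-8", errors="replace")
    except OSError:
        text = ""                          # unreadable file: judge by name only
    # Normalise case and whitespace so HTML line wrapping does not hide the phrase.
    phrase_hit = NOTE_PHRASE in " ".join(text.lower().split())
    if not (name_hit or phrase_hit):
        return None
    return {"path": path, "name": name_hit, "phrase": phrase_hit,
            "emails": sorted(set(EMAIL_RE.findall(text)))}

def scan_tree(root):
    """Walk root and return findings, strongest (name and phrase) first."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            hit = inspect_file(os.path.join(dirpath, fname))
            if hit:
                findings.append(hit)
    return sorted(findings, key=lambda f: (-(f["name"] + f["phrase"]), f["path"]))

def build_sample(root):
    """Constructed sample tree: one note, one renamed copy, one benign file."""
    note = ("<html><body>Ryuk<br>first@example.com<br>second@example.com"
            "<br>balance of\n shadow universe</body></html>")
    os.makedirs(os.path.join(root, "share"))
    for rel, body in (("RyukReadMe.html", note),
                      (os.path.join("share", "index.html"), note),
                      ("report.txt", "quarterly logistics figures")):
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for f in scan_tree(tmp):
            print(f["path"], "name" if f["name"] else "-", f["emails"])
```

A hit on both the name and the phrase is the stronger signal; a phrase-only hit can also be a copy of the note under another name or a document quoting it, so review those by hand.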

The FBI has been tracking the virus since 2018 and has seen it change in various ways. The variant seen in China has both 32-bit and 64-bit blackmail modules, which may allow the malware to evolve further.

Earlier, Ryuk demanded a hefty ransom of $286,556, the highest ransom demanded in Q1 2019. Many firms are now investing in cryptocurrencies and are at risk of such ransomware attacks, so it is better to take strict security measures to minimize the effects of such incidents.