

A new ransomware named Ryuk is making the rounds, and, according to current reports, the group behind it has already made over $640,000 worth of Bitcoin. Over the past two weeks, Ryuk, a targeted and well-planned ransomware, has attacked various organizations worldwide. So far the campaign has targeted several enterprises, encrypting hundreds of PCs, storage and data centers in each infected company, reports the cyber threat intelligence team at Check Point in its latest analysis.

Attacks with this ransomware strain were first spotted last Monday, August 13, according to independent security researcher MalwareHunter, who first tweeted about this new threat.

From the 13th of this month, we have seen 5 victims of a ransomware. At least 3 of them are companies (from those, 2 are from US, 1 from Germany, and 1 of the 3 is healthcare related).

The ransom note seems Bitpaymer, encrypted files seem Hermes.

Strange.

🤔@BleepinComputer @demonslay335 — MalwareHunterTeam (@malwrhunterteam) August 17, 2018



While the ransomware’s technical capabilities are relatively low, at least three organizations in the US and worldwide were severely hit by the malware. Furthermore, some organizations paid an exceptionally large ransom in order to retrieve their files. Although the ransom amount itself varies among the victims (ranging from 15 BTC to 50 BTC), it has already netted the attackers over $640,000, Check Point reveals.

Check Point also shares an image showing the Bitcoin Transaction Flow, from the ransom payment to the cashing out stage.

Unlike common ransomware, which is systematically distributed via massive spam campaigns and exploit kits, Ryuk is used exclusively for tailored attacks. In fact, its encryption scheme is intentionally built for small-scale operations, such that only crucial assets and resources are infected in each targeted network, with its infection and distribution carried out manually by the attackers.

Screenshots shared by MalwareHunterTeam on Twitter.

The research team at Check Point also says that, from the exploitation phase through the encryption process and up to the ransom demand itself, the carefully operated Ryuk campaign is targeting enterprises that are capable of paying a lot of money in order to get back on track. Their analysis concludes by saying that Check Point’s SandBlast Agent Anti-Ransomware product can protect its users from the Ryuk ransomware.

Sources: https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/

https://twitter.com/malwrhunterteam/status/1030529747174998016