Ransomware

Ryuk

First seen: 2018-08 • Status: inactive

Ryuk was a ransomware family that attacked hospitals and big companies. It often arrived after other malware, such as TrickBot, had infected the network first.

Overview

Ryuk was a devastating ransomware operation targeting large organizations. It was often deployed after TrickBot and Emotet infections.

How It Spreads

  • TrickBot infection
  • Emotet infection
  • Manual deployment

What It Does

  • Encrypts files
  • Deletes backups
  • Targets domain controllers

Target Platforms

Windows

Detection Tips

  • Watch for Ryuk signatures
  • Monitor for backup deletion

MITRE ATT&CK Techniques

T1486, T1490, T1489

If You're Infected

  1. Isolate all affected systems
  2. Engage ransomware response team

Related Malware

TrickBot, Emotet, Conti
