
Ryuk ransomware goes after millions in Bitcoin from big business

(Image credit: Christiaan Colen / Flickr)

A new form of ransomware is being used to attack large businesses and steal money using Bitcoin, with around $4m already missing, reports have said.

Multiple cybersecurity researchers have identified the ransomware strain, named Ryuk, which encrypts important data on a network and asks for ransom in cryptocurrency, in exchange for the decryption key.

But what makes this attack unusual is how the hackers prepare for the strike. Rather than indiscriminately targeting as many machines as possible, as is usual, these criminals first try to install the Trickbot trojan.

This trojan would reside on a target system for a long period of time, maybe even a year. It would carry out valuable reconnaissance, allowing the hackers to determine whether the target network belongs to a large, wealthy enterprise. If it does, they’d use Trickbot to identify the most important computers and data sets before sending in Ryuk to do the dirty work.

So far, this approach has made them $3.7 million worth of Bitcoin across 52 attacks registered since August last year.

Ryuk’s origins are still unknown, with some experts claiming it’s from North Korea, while others disagree, saying it is more likely from Russia.
