
Ryuk ransomware goes after millions in Bitcoin from big business

(Image credit: Christiaan Colen / Flickr)

A new form of ransomware is being used to attack large businesses and steal money using Bitcoin, with around $4m already missing, reports have said.

Multiple cybersecurity researchers have identified the ransomware strain, named Ryuk, which encrypts important data on a network and asks for ransom in cryptocurrency, in exchange for the decryption key.

What sets this attack apart is how the hackers prepare for the strike. Rather than indiscriminately targeting as many machines as possible, as is usual, these criminals first try to install the Trickbot trojan.

This trojan would reside on a target system for a long period of time, maybe even a year. It would carry out valuable reconnaissance, letting the hackers work out whether the target network belongs to a large, wealthy enterprise. If it does, they would use Trickbot to identify the most important computers and data sets before sending in Ryuk to do the dirty work.

So far, this approach has made them $3.7 million worth of Bitcoin, in 52 attacks that were registered since August last year.

Ryuk’s origins are as yet unknown, with some experts claiming it’s from North Korea, while others disagree, saying it is more likely from Russia.


Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.