
Ryuk ransomware "still going strong"

(Image credit: Christiaan Colen / Flickr)

It’s almost March 2019, but the Ryuk ransomware is still going strong.

Latest reports from McAfee and Coveware claim that there are still “several” hacking groups using Ryuk to extort money out of their victims.

Ryuk became popular after its users targeted US newspapers, but this time around, the report states that the IT hosting and freight and logistics industries have been of particular interest to attackers.

“IT Hosting companies are of note as the size and number of their servers can make them appear like a large organization,” it was said.

The groups behind the attack ‘have a relation with one of the post-Soviet republics’, it was said, mostly because Russian text was found in one of the encrypted files. Some cultural references also came up during ransom negotiations.

Researchers believe the attackers have some relation to those behind the Trickbot banking trojan.

The ransomware itself seems to descend from Hermes2.1. It’s not designed to target large corporations, but the attackers still demand 10 times more money than the average cybercrime organisation.

Usually, they start with a $145,000 demand, but some companies get a 60 per cent discount if they are granted negotiation privileges.

“In a world where cybercriminals are forced to constantly adapt and seek new weaknesses in systems to turn into profits, we have been observing that ransomware is once again on the rise,” commented John Fokker, Head of Cyber Investigations at McAfee.

“This is a prospect that is especially worrying given the rise of synergistic threats, where malware is written to include various malicious components with the intention of blurring the vision of the primary objective – just as a smokescreen would. As ransomware threats evolve, our advice for victims is simple: always seek professional advice when you are faced with a targeted ransomware attack such as Ryuk. A wealth of advice can also be accessed via the NoMoreRansom initiative’s website.”



Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.