What Is Ryuk Ransomware?

Ryuk ransomware is a ransomware attack. The Ryuk ransomware variant was originally discovered in August 2018 and since then it has managed to grow in visibility in order to become one of the most known as well as costliest ransomware variants of our time. This is due to the fact that, unlike early variations such as WannaCry, Ryuk is designed to be targeted. The design of this malware means that each of the victims has to receive the individual attention of the cybercriminals operating the malware. Ryuk is used in many targeted campaigns that have highly tailored infection vectors as well as high ransom demands. 

Discussing Ryuk even further, the ransomware focuses on quality over quantity when it comes to picking out its victims. A Ryuk infection starts with a targeted attack to infect an intended victim, which follows file encryption as well as an extremely large ransom demand by the Ryuk ransomware.

When we discuss targeted means, these include the use of tailored spear-phishing emails as well as the exploitation of compromised credentials that are used to remotely access systems through a Remote Desktop Protocol (RDP). 

A spear phishing email can carry Ryuk directly or be one of the first in a series of infections. Ryuk then uses a combination of encryption algorithms, such as an asymmetric algorithm known as AES-256 as well as an asymmetric algorithm known as RSA 4096. This means that Ryuk essentially encrypts a file with the symmetric algorithm and includes a copy of the symmetric encryption key encrypted with the RSA public key. When the victim pays for the ransom, the Ryuk operator will provide a copy of the corresponding RSA private key, which enables decryption for the symmetric encryption key where it is used on the encrypted files.