Ryuk is a sophisticated ransomware threat that has been targeting businesses, hospitals, government institutions and other organizations since 2018. The group behind the malware is known for using manual hacking techniques and open-source tools to move laterally through private networks and gain administrative access to as many systems as possible before initiating the file encryption.

Ryuk first appeared in August 2018 but is based on an older ransomware program called Hermes that was sold on underground cybercrime forums in 2017. Hermes was used by the North Korean state-sponsored Lazarus Group in an attack against the Taiwanese Far Eastern International Bank (FEIB) in October 2017, which led to reports that Hermes, and later Ryuk, were created by North Korean hackers. Several security companies later disproved those claims and Ryuk is now generally believed to be the creation of a Russian-speaking cybercriminal group that obtained access to Hermes, just like Lazarus likely did.

The Ryuk gang is tracked by some security companies as Wizard Spider or Grim Spider and is the same group that operates TrickBot, a much older and active credential theft Trojan program that has a relationship with Ryuk. Other researchers believe that Ryuk could be the creation of the original Hermes author or authors operating under the handle CryptoTech, who simply stopped selling their ransomware publicly after developing an improved version. The Ryuk attackers demand higher ransom payments from their victims compared to many other ransomware gangs.