In China, a new ransomware virus Ryuk is being distributed

virus ryuck

An ransomware virus called Ryuk is distributed in China and requires users of infected devices to pay a large amount in BTC.

Tencent Security examined the Ryuk virus and found that it encrypts data on the infected device and requires a ransom from the BTC. The buyback is usually quite large compared to similar attacks in the past and has recently risen to 11 BTC.

The virus blocks victim systems using a modern hacker program, mainly through bot networks. It was first discovered in North America and uses RSA and AES algorithms to encrypt victims’ files. It seems that the campaign is focused, and its victims are government agencies and private organizations.

Ryuk came from the Hermes family of codes, and the earliest signs of its activity can be traced back to August 2018. It uses most of the Hermes code, has the same whitelist filtering mechanism as the Hermes virus, and also uses the Hermes string sequences even for a unique file infection marker.

The sample found in China releases and launches various modules that will help the virus unfold and further improve its efficiency. In recent attacks, a dropper was used, containing both 32-bit and 64-bit modules of the virus.

When Ryuk starts, it checks whether it has been executed with a specific argument, and then interrupts more than 40 processes and more than 180 services related to antivirus, databases, software for backing up and editing documents.

According to the researchers, almost all of the Ryuk virus samples detected had a unique BTC address. Shortly after the victim pays the ransom, the attackers split the bitcoins and transfer them to several accounts.

The extortionist also remains on infected devices and tries to encrypt network resources in addition to local drives. It also destroys its encryption key, shadow copies and various backup files from disk to prevent users from restoring files.

Recently, New York College Monroe was attacked by an extortionist virus – hackers demanded a ransom of 170 BTC. In addition, at the end of last month, the authorities of the American city of Lake City paid the extortionists a ransom of 42 BTC after the attack of the encryption virus.

Read more:

BitMEX has allocated $ 2.5 million to combat coronavirusBitMEX has allocated $ 2.5 million to combat coronavirus Tom Lee believes that bitcoin has embarked on a steady growth path FBI talked about cryptocurrency fraud schemes against COVID-19FBI talked about cryptocurrency fraud schemes against COVID-19 EOS Ecosystem wallet users lose $ 52 million coinsEOS Ecosystem wallet users lose $ 52 million coins At the last recount, the Bitcoin mining difficulty increased by 8.45%At the last recount, the Bitcoin mining difficulty increased by 8.45% Survey: 55% of U.S. private and public organizations fall victim to ransomware in 2019Survey: 55% of U.S. private and public organizations fall victim to ransomware in 2019 China gave cryptocurrency status of “virtual property” China’s investment in blockchain in 2019 decreased by 40% China's national blockchain platform will add support for public EOS network nodesChina’s national blockchain platform will add support for EOS network USA Tax Interests in Crypto MachinesUSA Tax Interests in Crypto Machines
CRYPTO MINING BLOG
Founder & CEO

No Comments

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *