Ryuk primarily targets enterprise networks around the globe, encrypting data on storage systems, personal computers and data centers.
The operators have already made $640,000 from various victims by demanding 15 BTC to 50 BTC in exchange for the recovery of their files, and several organizations in the U.S. and other countries have been severely affected. Ransomware is a type of malware that encrypts data on a system once it gains access to it.
Researchers believe that Ryuk ransomware might be another targeted campaign from the Lazarus Group.
In this case the attackers carefully pick their targets: the campaign is intentionally built for small-scale enterprise networks, and the attack is carried out manually by the attackers rather than by mass distribution.
Ryuk ransomware kills more than 40 Windows processes and stops more than 180 services by executing taskkill and net stop against a predefined list of process and service names.
Most of these services and processes belong to antivirus, database, backup and document-editing software, i.e. anything that would hold files open, block the encryption, or let the victim recover without paying.
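The service-and-process-killing step described above is noisy and is a good hunting point in process-creation telemetry (Sysmon Event ID 1 or an EDR's command-line log). The Python detector below is an added example, not code from the original article or from Ryuk itself: it parses a constructed, pipe-delimited sample of process-creation events (timestamp|host|command line) and flags any host that launches five or more taskkill or net stop commands within a two-minute window. The event format, the thresholds and the process and service names used in the sample are assumptions for illustration, not Ryuk's actual list.

```python
"""Detect bursts of `taskkill` / `net stop` commands of the kind Ryuk issues
before encryption.  Added example for this article; the event format, the
thresholds and the sample process/service names are assumptions, not Ryuk's
real list."""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs): "timestamp|host|command line".
# WS-FIN-07 shows normal admin noise; SRV-DB-01 shows the attacker's burst.
SAMPLE_EVENTS = [
    "2018-08-20T10:01:02Z|WS-FIN-07|C:\\Windows\\System32\\cmd.exe /c dir",
    "2018-08-20T10:02:00Z|WS-FIN-07|C:\\Windows\\System32\\net.exe stop wuauserv",
    "2018-08-20T10:03:10Z|WS-FIN-07|netsh advfirewall show allprofiles",
    "2018-08-20T10:15:00Z|SRV-DB-01|taskkill /IM sqlservr.exe /F",
    "2018-08-20T10:15:01Z|SRV-DB-01|taskkill /IM mysqld.exe /F",
    "2018-08-20T10:15:01Z|SRV-DB-01|taskkill /IM winword.exe /F",
    "2018-08-20T10:15:02Z|SRV-DB-01|net stop MSSQLSERVER /y",
    "2018-08-20T10:15:02Z|SRV-DB-01|net stop SQLWriter /y",
    "2018-08-20T10:15:03Z|SRV-DB-01|C:\\Windows\\System32\\net.exe stop VSS /y",
    "2018-08-20T10:40:00Z|WS-FIN-07|C:\\Windows\\System32\\net.exe start wuauserv",
]

# Matches taskkill, net or net1 (with or without .exe / a path prefix) followed by
# its first argument.  The leading boundary class stops "internet" or "netsh"
# from matching; the required whitespace after the name stops "netstat".
CMD_RE = re.compile(
    r'(?:^|[\\/\s"])(taskkill|net1?)(?:\.exe)?"?\s+(\S+)', re.IGNORECASE
)


def classify(cmdline: str) -> str | None:
    """Return 'taskkill', 'net stop' or None for a single command line."""
    m = CMD_RE.search(cmdline)
    if not m:
        return None
    exe, first_arg = m.group(1).lower(), m.group(2).lower()
    if exe == "taskkill":
        return "taskkill"
    return "net stop" if first_arg == "stop" else None


@dataclass
class Event:
    ts: datetime
    host: str
    cmdline: str


def parse_events(lines: list[str]) -> list[Event]:
    """Parse the assumed 'timestamp|host|command line' format."""
    events = []
    for line in lines:
        ts, host, cmdline = line.split("|", 2)
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, cmdline))
    return events


def detect_bursts(events: list[Event],
                  window: timedelta = timedelta(minutes=2),
                  threshold: int = 5) -> list[dict]:
    """Sliding-window count of kill/stop commands per host; one alert per host
    whose densest window reaches `threshold`."""
    by_host: dict[str, list[tuple[datetime, str, str]]] = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        kind = classify(ev.cmdline)
        if kind:
            by_host[ev.host].append((ev.ts, kind, ev.cmdline))

    alerts = []
    for host, hits in by_host.items():
        best, best_span, start = 0, (0, 0), 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if end - start + 1 > best:
                best, best_span = end - start + 1, (start, end)
        if best >= threshold:
            in_window = hits[best_span[0]:best_span[1] + 1]
            alerts.append({
                "host": host,
                "count": best,
                "first": in_window[0][0],
                "last": in_window[-1][0],
                "kinds": dict(Counter(k for _, k, _ in in_window)),
                "sample": [c for _, _, c in in_window[:3]],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(parse_events(SAMPLE_EVENTS)):
        print(f"{alert['host']}: {alert['count']} kill/stop commands between "
              f"{alert['first']:%H:%M:%S} and {alert['last']:%H:%M:%S} {alert['kinds']}")
```

Tune the threshold to your environment: a single net stop from a patching agent or an administrator is normal, while dozens of taskkill and net stop commands from one host within seconds, aimed at database, backup and security products, is the signature of a hands-on-keyboard ransomware deployment and worth an immediate isolation decision.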
Once on the system, the malware encrypts every drive and network share reachable from the victim machine, except files and directories whose path contains a string from a hardcoded whitelist such as "Windows", "Mozilla", "Chrome", "RecycleBin" and "Ahnlab".
This keeps the operating system bootable and the victim's web browser intact, since the browser may be needed to read the ransom note, purchase cryptocurrency and so on.
The attackers use several wallets, and each victim must pay to the specific wallet address given in the ransom note they received.