ryuk ransomware what is it

What is Ryuk Ransomware?

There has been a lot of talk in the cybersecurity world lately about Ryuk. Straight Edge Technology has put together some important information about what it is, where it came from, and its latest attack in simple (not geek-speak) terms.

The Ryuk ransomware was first discovered in August 2018 when at least 3 organizations fell victim to the attack. Usually a botnet will infect a network and use its own malware to attack the system. Other malware such as Ryuk will be sent to connected users. The victim’s files will be encrypted and only released back to them after paying a ransom. This ransom in the past has been as high as $400,000.

What is Ryuk Ransomware? 1

Below is an example of the ransom “note” you will receive from Ryuk, including instructions on how to pay the ransom and ultimately decrypt their files.

What is Ryuk Ransomware? 2

Now for the name: where does the name, Ryuk, originate from? It refers to a character in the anime series, “Death Note”. This character is named Ryuk and is an evil spirit who introduces a journal that can be used to kill anyone just by writing their name in it. There is no surprise now why these cyber criminals chose this name for this type of cyber crime that can negatively affect a business in multiple ways. Not only are these victims required to pay a ransom, but their business also suffers from downtime and a hit to their reputation. Below is an image of the famous “evil spirit” character. Scary, right?

What is Ryuk Ransomware? 3

Ryuk ransomware has appeared in the news recently for possibly being the cause of a ransomware attack of the City of New Orleans. The city’s mayor, Latoya Cantrell, announced “a state of emergency” for New Orleans on December 13th. NOLA Ready which is the city’s emergency preparedness campaign required the city to power down all their servers, take down all NOLA.gov websites, and the employees to power down their computers and disconnect from the WiFi. On December 16th, the city announced they started to recover and reopen all of their servers and sites. December 19th, the NOLA.gov sites were officially back up and accessible for citizens.

Sources: NJCCIC, Naked Security, Latest Hacking News, Malwarebytes, Intellithought,