| SYMBOL | COMMON_NAME | aka. SYNONYMS |
GRIM SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER, a criminal enterprise of which GRIM SPIDER appears to be a cell. The WIZARD SPIDER threat group, known as the Russia-based operator of the TrickBot banking malware, had focused primarily on wire fraud in the past. Similar to Samas and BitPaymer, Ryuk is specifically used to target enterprise environments. Code comparison between versions of Ryuk and Hermes ransomware indicates that Ryuk was derived from the Hermes source code and has been under steady development since its release. Hermes is commodity ransomware that has been observed for sale on forums and used by multiple threat actors. However, Ryuk is only used by GRIM SPIDER and, unlike Hermes, Ryuk has only been used to target enterprise environments. Since Ryuk’s appearance in August, the threat actors operating it have netted over 705.80 BTC across 52 transactions for a total current value of $3,701,893.98 USD. Grim Spider is reportedly associated with Lunar Spider and Wizard Spider.
| 2024-06-05
⋅
S-RM
⋅
Exmatter malware levels up: S-RM observes new variant with simultaneous remote code execution and data targeting BlackCat BlackMatter Conti ExMatter LockBit REvil Ryuk |
| 2023-11-26
⋅
Medium shaddy43
⋅
From Infection to Encryption: Tracing the Impact of RYUK Ransomware Ryuk |
| 2023-09-12
⋅
⋅
ANSSI
⋅
FIN12: A Cybercriminal Group with Multiple Ransomware BlackCat Cobalt Strike Conti Hive MimiKatz Nokoyawa Ransomware PLAY Royal Ransom Ryuk SystemBC |
| 2023-07-27
⋅
Bankinfo Security
⋅
Are Akira Ransomware's Crypto-Locking Malware Days Numbered? Akira Ryuk |
| 2022-12-06
⋅
EuRepoC
⋅
Conti/Wizard Spider BazarBackdoor Cobalt Strike Conti Emotet IcedID Ryuk TrickBot WIZARD SPIDER |
| 2022-09-13
⋅
AdvIntel
⋅
AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022 Conti Cobalt Strike Emotet Ryuk TrickBot |
| 2022-08-31
⋅
Fourcore
⋅
Ryuk Ransomware: History, Timeline, And Adversary Simulation Ryuk |
| 2022-08-22
⋅
Microsoft
⋅
Extortion Economics - Ransomware’s new business model BlackCat Conti Hive REvil AgendaCrypt Black Basta BlackCat Brute Ratel C4 Cobalt Strike Conti Hive Mount Locker Nokoyawa Ransomware REvil Ryuk |
| 2022-05-24
⋅
The Hacker News
⋅
Malware Analysis: Trickbot Cobalt Strike Conti Ryuk TrickBot |
| 2022-05-09
⋅
Microsoft
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT |
| 2022-05-05
⋅
Intel 471
⋅
Cybercrime loves company: Conti cooperated with other ransomware gangs LockBit Maze RagnarLocker Ryuk |
| 2022-04-17
⋅
BushidoToken Blog
⋅
Lessons from the Conti Leaks BazarBackdoor Conti Emotet IcedID Ryuk TrickBot |
| 2022-04-15
⋅
Arctic Wolf
⋅
The Karakurt Web: Threat Intel and Blockchain Analysis Reveals Extension of Conti Business Model Conti Diavol Ryuk TrickBot |
| 2022-04-13
⋅
Microsoft
⋅
Notorious cybercrime gang’s botnet disrupted Ryuk Zloader |
| 2022-04-13
⋅
Microsoft
⋅
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware BlackMatter Cobalt Strike DarkSide Ryuk Zloader |
| 2022-04-06
⋅
TRM Labs
⋅
TRM Analysis Corroborates Suspected Ties Between Conti and Ryuk Ransomware Groups and Wizard Spider Conti Ryuk |
| 2022-03-31
⋅
Trellix
⋅
Conti Leaks: Examining the Panama Papers of Ransomware LockBit Amadey Buer Conti IcedID LockBit Mailto Maze PhotoLoader Ryuk TrickBot |
| 2022-03-23
⋅
splunk
⋅
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk |
| 2022-03-17
⋅
Sophos
⋅
The Ransomware Threat Intelligence Center ATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry Dharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker Ragnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker |
| 2022-03-02
⋅
KrebsOnSecurity
⋅
Conti Ransomware Group Diaries, Part II: The Office Conti Emotet Ryuk TrickBot |
| 2022-03-02
⋅
⋅
elDiario
⋅
Cybercrime bosses warn that they will "fight back" if Russia is hacked Conti Ryuk |
| 2022-02-23
⋅
splunk
⋅
An Empirically Comparative Analysis of Ransomware Binaries Avaddon Babuk BlackMatter Conti DarkSide LockBit Maze Mespinoza REvil Ryuk |
| 2022-01-19
⋅
Blackberry
⋅
Kraken the Code on Prometheus Prometheus Backdoor BlackMatter Cerber Cobalt Strike DCRat Ficker Stealer QakBot REvil Ryuk |
| 2021-11-18
⋅
Medium 0xchina
⋅
Malware reverse engineering (Ryuk Ransomware) Ryuk |
| 2021-10-22
⋅
HUNT & HACKETT
⋅
Advanced IP Scanner: the preferred scanner in the A(P)T toolbox Conti DarkSide Dharma Egregor Hades REvil Ryuk |
| 2021-10-07
⋅
Mandiant
⋅
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets BazarBackdoor GRIMAGENT Ryuk |
| 2021-10-05
⋅
Trend Micro
⋅
Ransomware as a Service: Enabler of Widespread Attacks Cerber Conti DarkSide Gandcrab Locky Nefilim REvil Ryuk |
| 2021-09-16
⋅
RiskIQ
⋅
Untangling the Spider Web: The Curious Connection Between WIZARD SPIDER’s Ransomware Infrastructure and a Windows Zero-Day Exploit Cobalt Strike Ryuk |
| 2021-08-15
⋅
Symantec
⋅
The Ransomware Threat Babuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike Conti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex MimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker |
| 2021-08-05
⋅
KrebsOnSecurity
⋅
Ransomware Gangs and the Name Game Distraction DarkSide RansomEXX Babuk Cerber Conti DarkSide DoppelPaymer Egregor FriedEx Gandcrab Hermes Maze RansomEXX REvil Ryuk Sekhmet |
| 2021-07-07
⋅
McAfee
⋅
Ryuk Ransomware Now Targeting Webservers Cobalt Strike Ryuk |
| 2021-06-16
⋅
Proofpoint
⋅
The First Step: Initial Access Leads to Ransomware BazarBackdoor Egregor IcedID Maze QakBot REvil Ryuk TrickBot WastedLocker TA570 TA575 TA577 |
| 2021-06-09
⋅
Twitter (@SecurityJoes)
⋅
Tweet on .NET builder of a Ryuk imposter malware Ryuk |
| 2021-06-07
⋅
Medium walmartglobaltech
⋅
Inside the SystemBC Malware-As-A-Service Ryuk SystemBC TrickBot |
| 2021-05-22
⋅
Youtube (ACPEnw)
⋅
Lessons Learned from a Cyber Attack System Admin Perspective Ryuk |
| 2021-05-18
⋅
The Record
⋅
Darkside gang estimated to have made over $90 million from ransomware attacks DarkSide DarkSide Mailto Maze REvil Ryuk |
| 2021-05-18
⋅
Bleeping Computer
⋅
DarkSide ransomware made $90 million in just nine months DarkSide DarkSide Egregor Gandcrab Mailto Maze REvil Ryuk |
| 2021-05-06
⋅
Sophos Labs
⋅
MTR in Real Time: Pirates pave way for Ryuk ransomware Ryuk |
| 2021-05-06
⋅
Cyborg Security
⋅
Ransomware: Hunting for Inhibiting System Backup or Recovery Avaddon Conti DarkSide LockBit Mailto Maze Mespinoza Nemty PwndLocker RagnarLocker RansomEXX REvil Ryuk Snatch ThunderX |
| 2021-04-26
⋅
CoveWare
⋅
Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound Avaddon Clop Conti DarkSide Egregor LockBit Mailto Phobos REvil Ryuk SunCrypt |
| 2021-04-17
⋅
Advanced Intelligence
⋅
Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021 Ryuk |
| 2021-04-07
⋅
ANALYST1
⋅
Ransom Mafia Analysis of the World's First Ransomware Cartel Conti Egregor LockBit Maze RagnarLocker Ryuk SunCrypt TA2101 VIKING SPIDER |
| 2021-03-21
⋅
Blackberry
⋅
2021 Threat Report Bashlite FritzFrog IPStorm Mirai Tsunami elf.wellmess AppleJeus Dacls EvilQuest Manuscrypt Astaroth BazarBackdoor Cerber Cobalt Strike Emotet FinFisher RAT Kwampirs MimiKatz NjRAT Ryuk SmokeLoader TrickBot |
| 2021-03-17
⋅
Palo Alto Networks Unit 42
⋅
Ransomware Threat Report 2021 RansomEXX Dharma DoppelPaymer Gandcrab Mailto Maze Phobos RansomEXX REvil Ryuk WastedLocker |
| 2021-03-04
⋅
NCC Group
⋅
Deception Engineering: exploring the use of Windows Service Canaries against ransomware Ryuk |
| 2021-03-01
⋅
⋅
CCN-CERT
⋅
Informe Código DañinoCCN-CERT ID-03/21: RyukRansomware Ryuk |
| 2021-03-01
⋅
YouTube ( Malware_Analyzing_&_RE_Tips_Tricks)
⋅
Ryuk Ransomware - Advanced using of Scylla for Imports reconstruction Ryuk |
| 2021-03-01
⋅
Group-IB
⋅
Ransomware Uncovered 2020/2021 RansomEXX BazarBackdoor Buer Clop Conti DoppelPaymer Dridex Egregor IcedID Maze PwndLocker QakBot RansomEXX REvil Ryuk SDBbot TrickBot Zloader |
| 2021-02-28
⋅
PWC UK
⋅
Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team |
| 2021-02-27
⋅
4rchibld
⋅
Nice to meet you, too. My name is Ryuk. Ryuk |
| 2021-02-25
⋅
ANSSI
⋅
Ryuk Ransomware BazarBackdoor Buer Conti Emotet Ryuk TrickBot |
| 2021-02-23
⋅
CrowdStrike
⋅
2021 Global Threat Report RansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER SOLAR SPIDER VIKING SPIDER |
| 2021-02-22
⋅
YouTube ( Malware_Analyzing_&_RE_Tips_Tricks)
⋅
Ryuk Ransomware API Resolving in 10 minutes Ryuk |
| 2021-02-16
⋅
Proofpoint
⋅
Q4 2020 Threat Report: A Quarterly Analysis of Cybersecurity Trends, Tactics and Themes Emotet Ryuk NARWHAL SPIDER TA800 |
| 2021-02-11
⋅
CTI LEAGUE
⋅
CTIL Darknet Report – 2021 Conti Mailto Maze REvil Ryuk |
| 2021-02-04
⋅
ClearSky
⋅
CONTI Modus Operandi and Bitcoin Tracking Conti Ryuk |
| 2021-02-02
⋅
⋅
CRONUP
⋅
De ataque con Malware a incidente de Ransomware Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
| 2021-02-01
⋅
Twitter (@IntelAdvanced)
⋅
Tweet on Active Directory Exploitation by RYUK "one" group Ryuk |
| 2021-01-31
⋅
The DFIR Report
⋅
Bazar, No Ryuk? BazarBackdoor Cobalt Strike Ryuk |
| 2021-01-28
⋅
Huntress Labs
⋅
Analyzing Ryuk Another Link in the Cyber Attack Chain BazarBackdoor Ryuk |
| 2021-01-25
⋅
Twitter (@IntelAdvanced)
⋅
Tweet on Ryuk Ransomware group's post exploitation tactics including usage of Keethief tool Ryuk |
| 2021-01-07
⋅
Advanced Intelligence
⋅
Crime Laundering Primer: Inside Ryuk Crime (Crypto) Ledger & Risky Asian Crypto Traders Ryuk |
| 2020-12-28
⋅
0xC0DECAFE
⋅
Never upload ransomware samples to the Internet Ryuk |
| 2020-12-22
⋅
TRUESEC
⋅
Collaboration between FIN7 and the RYUK group, a Truesec Investigation Carbanak Cobalt Strike Ryuk |
| 2020-12-21
⋅
IronNet
⋅
Russian cyber attack campaigns and actors WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess |
| 2020-12-16
⋅
Accenture
⋅
Tracking and combatting an evolving danger: Ransomware extortion DarkSide Egregor Maze Nefilim RagnarLocker REvil Ryuk SunCrypt |
| 2020-12-10
⋅
Cybereason
⋅
Cybereason vs. Ryuk Ransomware BazarBackdoor Ryuk TrickBot |
| 2020-12-10
⋅
US-CERT
⋅
Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim REvil Ryuk Zeus |
| 2020-12-10
⋅
CyberInt
⋅
Ryuk Crypto-Ransomware Ryuk TrickBot |
| 2020-12-09
⋅
Cisco
⋅
Quarterly Report: Incident Response trends from Fall 2020 Cobalt Strike IcedID Maze RansomEXX Ryuk |
| 2020-11-20
⋅
ZDNet
⋅
The malware that usually installs ransomware and you need to remove right away Avaddon BazarBackdoor Buer Clop Cobalt Strike Conti DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader |
| 2020-11-19
⋅
Threatpost
⋅
APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies Quasar RAT Ryuk |
| 2020-11-18
⋅
DomainTools
⋅
Analyzing Network Infrastructure as Composite Objects Ryuk |
| 2020-11-16
⋅
Intel 471
⋅
Ransomware-as-a-service: The pandemic within a pandemic Avaddon Clop Conti DoppelPaymer Egregor Hakbit Mailto Maze Mespinoza RagnarLocker REvil Ryuk SunCrypt ThunderX |
| 2020-11-14
⋅
Medium 0xastrovax
⋅
Deep Dive Into Ryuk Ransomware Hermes Ryuk |
| 2020-11-06
⋅
Advanced Intelligence
⋅
Anatomy of Attack: Inside BazarBackdoor to Ryuk Ransomware "one" Group via Cobalt Strike BazarBackdoor Cobalt Strike Ryuk |
| 2020-11-05
⋅
Github (scythe-io)
⋅
Ryuk Adversary Emulation Plan Ryuk |
| 2020-11-05
⋅
SCYTHE
⋅
#ThreatThursday - Ryuk BazarBackdoor Ryuk |
| 2020-11-05
⋅
Twitter (@ffforward)
⋅
Tweet on Zloader infection leads to Cobaltstrike Installation and deployment of RYUK Cobalt Strike Ryuk Zloader |
| 2020-11-05
⋅
The DFIR Report
⋅
Ryuk Speed Run, 2 Hours to Ransom BazarBackdoor Cobalt Strike Ryuk |
| 2020-11-04
⋅
VMRay
⋅
Trick or Threat: Ryuk ransomware targets the health care industry BazarBackdoor Cobalt Strike Ryuk TrickBot |
| 2020-10-31
⋅
splunk
⋅
Ryuk and Splunk Detections Ryuk |
| 2020-10-30
⋅
Cofense
⋅
The Ryuk Threat: Why BazarBackdoor Matters Most BazarBackdoor Ryuk |
| 2020-10-30
⋅
Github (ThreatConnect-Inc)
⋅
UNC 1878 Indicators from Threatconnect BazarBackdoor Cobalt Strike Ryuk |
| 2020-10-29
⋅
RiskIQ
⋅
Ryuk Ransomware: Extensive Attack Infrastructure Revealed Cobalt Strike Ryuk |
| 2020-10-29
⋅
Red Canary
⋅
A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak Cobalt Strike Ryuk TrickBot |
| 2020-10-29
⋅
Twitter (@anthomsec)
⋅
Tweet on UNC1878 activity BazarBackdoor Ryuk TrickBot UNC1878 |
| 2020-10-29
⋅
Twitter (@SophosLabs)
⋅
Tweet on similarities between BUER in-memory loader & RYUK in-memory loader Buer Ryuk |
| 2020-10-29
⋅
McAfee
⋅
McAfee Labs Threat Advisory Ransom-Ryuk Ryuk |
| 2020-10-29
⋅
CNN
⋅
Several hospitals targeted in new wave of ransomware attacks Ryuk |
| 2020-10-29
⋅
Bleeping Computer
⋅
Hacking group is targeting US hospitals with Ryuk ransomware Ryuk |
| 2020-10-29
⋅
Reuters
⋅
Building wave of ransomware attacks strike U.S. hospitals Ryuk |
| 2020-10-29
⋅
Palo Alto Networks Unit 42
⋅
Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector Anchor BazarBackdoor Ryuk TrickBot |
| 2020-10-28
⋅
Youtube (SANS Digital Forensics and Incident Response)
⋅
STAR Webcast: Spooky RYUKy: The Return of UNC1878 Ryuk |
| 2020-10-28
⋅
KrebsOnSecurity
⋅
FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals Ryuk |
| 2020-10-28
⋅
Youtube (SANS Institute)
⋅
Spooky RYUKy: The Return of UNC1878 | SANS STAR Webcast Ryuk UNC1878 |
| 2020-10-28
⋅
Github (aaronst)
⋅
UNC1878 indicators Ryuk UNC1878 |
| 2020-10-28
⋅
CISA
⋅
AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector AnchorDNS Anchor BazarBackdoor Ryuk |
| 2020-10-28
⋅
SophosLabs Uncut
⋅
Hacks for sale: inside the Buer Loader malware-as-a-service Buer Ryuk Zloader |
| 2020-10-28
⋅
FireEye
⋅
Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser BazarBackdoor Cobalt Strike Ryuk UNC1878 |
| 2020-10-27
⋅
Bleeping Computer
⋅
Steelcase furniture giant hit by Ryuk ransomware attack Ryuk |
| 2020-10-26
⋅
ThreatConnect
⋅
ThreatConnect Research Roundup: Ryuk and Domains Spoofing ESET and Microsoft Ryuk |
| 2020-10-22
⋅
Sentinel LABS
⋅
An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques Ryuk |
| 2020-10-22
⋅
Bleeping Computer
⋅
French IT giant Sopra Steria hit by Ryuk ransomware Ryuk |
| 2020-10-20
⋅
⋅
Bundesamt für Sicherheit in der Informationstechnik
⋅
Die Lage der IT-Sicherheit in Deutschland 2020 Clop Emotet REvil Ryuk TrickBot |
| 2020-10-18
⋅
The DFIR Report
⋅
Ryuk in 5 Hours BazarBackdoor Cobalt Strike Ryuk |
| 2020-10-16
⋅
CrowdStrike
⋅
WIZARD SPIDER Update: Resilient, Reactive and Resolute BazarBackdoor Conti Ryuk TrickBot |
| 2020-10-16
⋅
ThreatConnect
⋅
ThreatConnect Research Roundup: Possible Ryuk Infrastructure Ryuk |
| 2020-10-14
⋅
Sophos
⋅
They’re back: inside a new Ryuk ransomware attack Cobalt Strike Ryuk SystemBC |
| 2020-10-13
⋅
VirusTotal
⋅
Tracing fresh Ryuk campaigns itw Ryuk |
| 2020-10-12
⋅
Microsoft
⋅
New action to combat ransomware ahead of U.S. elections Ryuk TrickBot |
| 2020-10-12
⋅
Symantec
⋅
Trickbot: U.S. Court Order Hits Botnet’s Infrastructure Ryuk TrickBot |
| 2020-10-12
⋅
Advanced Intelligence
⋅
"Front Door" into BazarBackdoor: Stealthy Cybercrime Weapon BazarBackdoor Cobalt Strike Ryuk |
| 2020-10-08
⋅
The DFIR Report
⋅
Ryuk’s Return BazarBackdoor Cobalt Strike Ryuk |
| 2020-10-02
⋅
Health Sector Cybersecurity Coordination Center (HC3)
⋅
Report 202010021600: Recent Bazarloader Use in Ransomware Campaigns BazarBackdoor Cobalt Strike Ryuk TrickBot |
| 2020-10-01
⋅
KELA
⋅
To Attack or Not to Attack: Targeting the Healthcare Sector in the Underground Ecosystem Conti DoppelPaymer Mailto Maze REvil Ryuk SunCrypt |
| 2020-09-29
⋅
PWC UK
⋅
What's behind the increase in ransomware attacks this year? DarkSide Avaddon Clop Conti DoppelPaymer Dridex Emotet FriedEx Mailto PwndLocker QakBot REvil Ryuk SMAUG SunCrypt TrickBot WastedLocker |
| 2020-09-24
⋅
Kaspersky Labs
⋅
Threat landscape for industrial automation systems - H1 2020 Poet RAT Mailto Milum RagnarLocker REvil Ryuk Snake |
| 2020-09-01
⋅
Cisco Talos
⋅
Quarterly Report: Incident Response trends in Summer 2020 Cobalt Strike LockBit Mailto Maze Ryuk |
| 2020-08-20
⋅
sensecy
⋅
Global Ransomware Attacks in 2020: The Top 4 Vulnerabilities Clop Maze REvil Ryuk |
| 2020-08-18
⋅
Arete
⋅
Is Conti the New Ryuk? Conti Ryuk |
| 2020-08-01
⋅
Temple University
⋅
Critical Infrastructure Ransomware Attacks CryptoLocker Cryptowall DoppelPaymer FriedEx Mailto Maze REvil Ryuk SamSam WannaCryptor |
| 2020-06-23
⋅
Bleeping Computer
⋅
Ryuk ransomware deployed two weeks after Trickbot infection Ryuk |
| 2020-06-15
⋅
Cisco Talos
⋅
Quarterly report: Incident Response trends in Summer 2020 Ryuk |
| 2020-05-05
⋅
N1ght-W0lf Blog
⋅
Deep Analysis of Ryuk Ransomware Ryuk |
| 2020-04-19
⋅
SecurityLiterate
⋅
Reversing Ryuk: A Technical Analysis of Ryuk Ransomware Ryuk |
| 2020-04-14
⋅
Intel 471
⋅
Understanding the relationship between Emotet, Ryuk and TrickBot Emotet Ryuk TrickBot |
| 2020-03-31
⋅
FireEye
⋅
It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit Ryuk TrickBot UNC1878 |
| 2020-03-25
⋅
Wilbur Security
⋅
Trickbot to Ryuk in Two Hours Cobalt Strike Ryuk TrickBot |
| 2020-03-05
⋅
Microsoft
⋅
Human-operated ransomware attacks: A preventable disaster Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor PARINACOTA |
| 2020-03-04
⋅
Bleeping Computer
⋅
Ryuk Ransomware Attacked Epiq Global Via TrickBot Infection Ryuk TrickBot |
| 2020-03-04
⋅
CrowdStrike
⋅
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
| 2020-03-03
⋅
PWC UK
⋅
Cyber Threats 2019:A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle |
| 2020-03-02
⋅
⋅
c't
⋅
Was Emotet anrichtet – und welche Lehren die Opfer daraus ziehen Emotet Ryuk |
| 2020-02-25
⋅
RSA Conference
⋅
Feds Fighting Ransomware: How the FBI Investigates and How You Can Help FastCash Cerber Defray Dharma FriedEx Gandcrab GlobeImposter Mamba Phobos Rapid Ransom REvil Ryuk SamSam Zeus |
| 2020-02-13
⋅
Quick Heal
⋅
A Deep Dive Into Wakeup On Lan (WoL) Implementation of Ryuk Ryuk |
| 2020-02-12
⋅
VMWare Carbon Black
⋅
Ryuk Ransomware Technical Analysis Ryuk |
| 2020-02-10
⋅
Malwarebytes
⋅
2020 State of Malware Report magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor |
| 2020-01-29
⋅
ANSSI
⋅
État de la menace rançongiciel Clop Dharma FriedEx Gandcrab LockerGoga Maze MegaCortex REvil RobinHood Ryuk SamSam |
| 2020-01-29
⋅
ZDNet
⋅
DOD contractor suffers ransomware infection Ryuk |
| 2020-01-24
⋅
Bleeping Computer
⋅
New Ryuk Info Stealer Targets Government and Military Secrets Ryuk |
| 2020-01-24
⋅
ReversingLabs
⋅
Hunting for Ransomware Ryuk |
| 2020-01-17
⋅
Secureworks
⋅
Is It Wrong to Try to Find APT Techniques in Ransomware Attack? Defray Dharma FriedEx Gandcrab GlobeImposter Matrix Ransom MedusaLocker Phobos REvil Ryuk SamSam Scarab Ransomware |
| 2020-01-14
⋅
Bleeping Computer
⋅
Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices Ryuk |
| 2020-01-01
⋅
Secureworks
⋅
GOLD ULRICK Empire Downloader Ryuk TrickBot WIZARD SPIDER |
| 2020-01-01
⋅
Blackberry
⋅
State of Ransomware Maze MedusaLocker Nefilim Phobos REvil Ryuk STOP |
| 2019-12-26
⋅
Bleeping Computer
⋅
Ryuk Ransomware Stops Encrypting Linux Folders Ryuk |
| 2019-12-21
⋅
Decrypt
⋅
How ransomware exploded in the age of Bitcoin Ryuk |
| 2019-12-19
⋅
Malwarebytes
⋅
Threat spotlight: the curious case of Ryuk ransomware Ryuk |
| 2019-12-15
⋅
Bleeping Computer
⋅
Ryuk Ransomware Likely Behind New Orleans Cyberattack Ryuk |
| 2019-12-09
⋅
Emsisoft
⋅
Caution! Ryuk Ransomware decryptor damages larger files, even if you pay Ryuk |
| 2019-11-27
⋅
Twitter (@Prosegur)
⋅
Tweet on Incident of Information Security Ryuk |
| 2019-11-06
⋅
⋅
Heise Security
⋅
Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail Emotet Ryuk TrickBot |
| 2019-11-05
⋅
Information Age
⋅
Hospital cyberattack could have been avoided Ryuk |
| 2019-11-01
⋅
⋅
CCN-CERT
⋅
Informe Código Dañino CCN-CERT ID-26/19 Ryuk |
| 2019-11-01
⋅
CrowdStrike
⋅
WIZARD SPIDER Adds New Features to Ryuk for Targeting Hosts on LAN Ryuk WIZARD SPIDER |
| 2019-05-09
⋅
GovCERT.ch
⋅
Severe Ransomware Attacks Against Swiss SMEs Emotet LockerGoga Ryuk TrickBot |
| 2019-04-05
⋅
FireEye
⋅
Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware LockerGoga Ryuk FIN6 |
| 2019-04-02
⋅
Cybereason
⋅
Triple Threat: Emotet Deploys Trickbot to Steal Data & Spread Ryuk Ryuk TrickBot |
| 2019-03-26
⋅
⋅
ANSSI
⋅
INFORMATIONS CONCERNANTLES RANÇONGICIELSLOCKERGOGA ET RYUK Ryuk |
| 2019-01-11
⋅
FireEye
⋅
A Nasty Trick: From Credential Theft Malware to Business Disruption Ryuk TrickBot GRIM SPIDER WIZARD SPIDER |
| 2019-01-10
⋅
CrowdStrike
⋅
Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware Ryuk GRIM SPIDER MUMMY SPIDER STARDUST CHOLLIMA WIZARD SPIDER |
| 2019-01-09
⋅
McAfee
⋅
Ryuk Ransomware Attack: Rush to Attribution Misses the Point Ryuk |
| 2019-01-01
⋅
Virus Bulletin
⋅
Shinigami's Revenge: The Long Tail of Ryuk Malware Ryuk |
| 2018-12-29
⋅
Los Angeles Times
⋅
Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S. Ryuk |
| 2018-08-20
⋅
Check Point
⋅
Ryuk Ransomware: A Targeted Campaign Break-Down Ryuk |