Actor(s): FIN6, GRIM SPIDER, UNC1878, WIZARD SPIDER
Ryuk is ransomware that encrypts its victim's files and asks for a ransom via bitcoin to release the original files. It has been observed being used to attack companies or professional environments. Cybersecurity experts figured out that Ryuk and Hermes ransomware share pieces of code. Hermes is commodity ransomware that has been observed for sale on dark-net forums and used by multiple threat actors.
2021-02-23 ⋅ CrowdStrike ⋅ 2021 Global Threat Report RansomEXX Amadey Anchor Avaddon Ransomware BazarBackdoor Clop Cobalt Strike Conti Ransomware Cutwail DanaBot DarkSide DoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker Mespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT RagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet Ransomware ShadowPad SmokeLoader Snake Ransomware SUNBURST SunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader |
2021-02-22 ⋅ YouTube ( Malware_Analyzing_&_RE_Tips_Tricks) ⋅ Ryuk Ransomware API Resolving in 10 minutes Ryuk |
2021-02-11 ⋅ CTI LEAGUE ⋅ CTIL Darknet Report – 2021 Conti Ransomware Mailto Maze REvil Ryuk |
2021-02-04 ⋅ ClearSky ⋅ CONTI Modus Operandi and Bitcoin Tracking Conti Ransomware Ryuk |
2021-02-02 ⋅ CRONUP ⋅ De ataque con Malware a incidente de Ransomware Avaddon Ransomware BazarBackdoor Buer Clop Cobalt Strike Conti Ransomware DanaBot Dharma Dridex Egregor Emotet Empire Downloader FriedEx GootKit IcedID MegaCortex Nemty Phorpiex PwndLocker PyXie QakBot RansomEXX REvil Ryuk SDBbot SmokeLoader TrickBot Zloader |
2021-02-01 ⋅ Twitter (@IntelAdvanced) ⋅ Tweet on Active Directory Exploitation by RYUK "one" group Ryuk |
2021-01-31 ⋅ The DFIR Report ⋅ Bazar, No Ryuk? BazarBackdoor Cobalt Strike Ryuk |
2021-01-28 ⋅ Huntress Labs ⋅ Analyzing Ryuk Another Link in the Cyber Attack Chain BazarBackdoor Ryuk |
2021-01-25 ⋅ Twitter (@IntelAdvanced) ⋅ Tweet on Ryuk Ransomware group's post exploitation tactics including usage of Keethief tool Ryuk |
2021-01-07 ⋅ Advanced Intelligence ⋅ Crime Laundering Primer: Inside Ryuk Crime (Crypto) Ledger & Risky Asian Crypto Traders Ryuk |
2020-12-28 ⋅ 0xC0DECAFE ⋅ Never upload ransomware samples to the Internet Ryuk |
2020-12-22 ⋅ TRUESEC ⋅ Collaboration between FIN7 and the RYUK group, a Truesec Investigation Carbanak Cobalt Strike Ryuk |
2020-12-21 ⋅ IronNet ⋅ Russian cyber attack campaigns and actors WellMail elf.wellmess Agent.BTZ BlackEnergy EternalPetya Havex RAT Industroyer Ryuk Triton WellMess |
2020-12-16 ⋅ Accenture ⋅ Tracking and combatting an evolving danger: Ransomware extortion DarkSide Egregor Maze Nefilim Ransomware RagnarLocker REvil Ryuk SunCrypt |
2020-12-10 ⋅ Cybereason ⋅ Cybereason vs. Ryuk Ransomware BazarBackdoor Ryuk TrickBot |
2020-12-10 ⋅ CyberInt ⋅ Ryuk Crypto-Ransomware Ryuk TrickBot |
2020-12-10 ⋅ US-CERT ⋅ Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data PerlBot Shlayer Agent Tesla Cerber Dridex Ghost RAT Kovter Maze MedusaLocker Nanocore RAT Nefilim Ransomware REvil Ryuk Zeus |
2020-12-09 ⋅ Cisco ⋅ Quarterly Report: Incident Response trends from Fall 2020 Cobalt Strike IcedID Maze RansomEXX Ryuk |
2020-11-20 ⋅ ZDNet ⋅ The malware that usually installs ransomware and you need to remove right away Avaddon Ransomware BazarBackdoor Buer Clop Cobalt Strike Conti Ransomware DoppelPaymer Dridex Egregor Emotet FriedEx MegaCortex Phorpiex PwndLocker QakBot Ryuk SDBbot TrickBot Zloader |
2020-11-19 ⋅ Threatpost ⋅ APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies Quasar RAT Ryuk |
2020-11-18 ⋅ DomainTools ⋅ Analyzing Network Infrastructure as Composite Objects Ryuk |
2020-11-16 ⋅ Intel 471 ⋅ Ransomware-as-a-service: The pandemic within a pandemic Avaddon Ransomware Clop Conti Ransomware DoppelPaymer Egregor Hakbit Mailto Maze Mespinoza RagnarLocker REvil Ryuk SunCrypt ThunderX Ransomware |
2020-11-14 ⋅ Medium 0xastrovax ⋅ Deep Dive Into Ryuk Ransomware Hermes Ryuk |
2020-11-06 ⋅ Advanced Intelligence ⋅ Anatomy of Attack: Inside BazarBackdoor to Ryuk Ransomware "one" Group via Cobalt Strike BazarBackdoor Cobalt Strike Ryuk |
2020-11-05 ⋅ Twitter (@ffforward) ⋅ Tweet on Zloader infection leads to Cobaltstrike Installation and deployment of RYUK Cobalt Strike Ryuk Zloader |
2020-11-05 ⋅ SCYTHE ⋅ #ThreatThursday - Ryuk BazarBackdoor Ryuk |
2020-11-05 ⋅ The DFIR Report ⋅ Ryuk Speed Run, 2 Hours to Ransom BazarBackdoor Cobalt Strike Ryuk |
2020-11-05 ⋅ Github (scythe-io) ⋅ Ryuk Adversary Emulation Plan Ryuk |
2020-11-04 ⋅ VMRay ⋅ Trick or Threat: Ryuk ransomware targets the health care industry BazarBackdoor Cobalt Strike Ryuk TrickBot |
2020-10-31 ⋅ splunk ⋅ Ryuk and Splunk Detections Ryuk |
2020-10-30 ⋅ Github (ThreatConnect-Inc) ⋅ UNC 1878 Indicators from Threatconnect BazarBackdoor Cobalt Strike Ryuk |
2020-10-30 ⋅ Cofense ⋅ The Ryuk Threat: Why BazarBackdoor Matters Most BazarBackdoor Ryuk |
2020-10-29 ⋅ Bleeping Computer ⋅ Hacking group is targeting US hospitals with Ryuk ransomware Ryuk |
2020-10-29 ⋅ Palo Alto Networks Unit 42 ⋅ Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector Anchor BazarBackdoor Ryuk TrickBot |
2020-10-29 ⋅ Twitter (@anthomsec) ⋅ Tweet on UNC1878 activity BazarBackdoor Ryuk TrickBot UNC1878 |
2020-10-29 ⋅ CNN ⋅ Several hospitals targeted in new wave of ransomware attacks Ryuk |
2020-10-29 ⋅ Twitter (@SophosLabs) ⋅ Tweet on similarities between BUER in-memory loader & RYUK in-memory loader Buer Ryuk |
2020-10-29 ⋅ RiskIQ ⋅ Ryuk Ransomware: Extensive Attack Infrastructure Revealed Cobalt Strike Ryuk |
2020-10-29 ⋅ Reuters ⋅ Building wave of ransomware attacks strike U.S. hospitals Ryuk |
2020-10-29 ⋅ McAfee ⋅ McAfee Labs Threat Advisory Ransom-Ryuk Ryuk |
2020-10-29 ⋅ Red Canary ⋅ A Bazar start: How one hospital thwarted a Ryuk ransomware outbreak Cobalt Strike Ryuk TrickBot |
2020-10-28 ⋅ Youtube (SANS Institute) ⋅ Spooky RYUKy: The Return of UNC1878 | SANS STAR Webcast Ryuk UNC1878 |
2020-10-28 ⋅ CISA ⋅ AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector Anchor_DNS Anchor BazarBackdoor Ryuk |
2020-10-28 ⋅ Youtube (SANS Digital Forensics and Incident Response) ⋅ STAR Webcast: Spooky RYUKy: The Return of UNC1878 Ryuk |
2020-10-28 ⋅ FireEye ⋅ Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser BazarBackdoor Cobalt Strike Ryuk UNC1878 |
2020-10-28 ⋅ Github (aaronst) ⋅ UNC1878 indicators Ryuk UNC1878 |
2020-10-28 ⋅ KrebsOnSecurity ⋅ FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals Ryuk |
2020-10-28 ⋅ SophosLabs Uncut ⋅ Hacks for sale: inside the Buer Loader malware-as-a-service Buer Ryuk Zloader |
2020-10-27 ⋅ Bleeping Computer ⋅ Steelcase furniture giant hit by Ryuk ransomware attack Ryuk |
2020-10-26 ⋅ ThreatConnect ⋅ ThreatConnect Research Roundup: Ryuk and Domains Spoofing ESET and Microsoft Ryuk |
2020-10-22 ⋅ Bleeping Computer ⋅ French IT giant Sopra Steria hit by Ryuk ransomware Ryuk |
2020-10-22 ⋅ Sentinel LABS ⋅ An Inside Look at How Ryuk Evolved Its Encryption and Evasion Techniques Ryuk |
2020-10-20 ⋅ Bundesamt für Sicherheit in der Informationstechnik ⋅ Die Lage der IT-Sicherheit in Deutschland 2020 Clop Emotet REvil Ryuk TrickBot |
2020-10-18 ⋅ The DFIR Report ⋅ Ryuk in 5 Hours BazarBackdoor Cobalt Strike Ryuk |
2020-10-16 ⋅ CrowdStrike ⋅ WIZARD SPIDER Update: Resilient, Reactive and Resolute BazarBackdoor Conti Ransomware Ryuk TrickBot |
2020-10-16 ⋅ ThreatConnect ⋅ ThreatConnect Research Roundup: Possible Ryuk Infrastructure Ryuk |
2020-10-14 ⋅ Sophos ⋅ They’re back: inside a new Ryuk ransomware attack Cobalt Strike Ryuk SystemBC |
2020-10-13 ⋅ VirusTotal ⋅ Tracing fresh Ryuk campaigns itw Ryuk |
2020-10-12 ⋅ Symantec ⋅ Trickbot: U.S. Court Order Hits Botnet’s Infrastructure Ryuk TrickBot |
2020-10-12 ⋅ Microsoft ⋅ New action to combat ransomware ahead of U.S. elections Ryuk TrickBot |
2020-10-12 ⋅ Advanced Intelligence ⋅ "Front Door" into BazarBackdoor: Stealthy Cybercrime Weapon BazarBackdoor Cobalt Strike Ryuk |
2020-10-08 ⋅ The DFIR Report ⋅ Ryuk’s Return BazarBackdoor Cobalt Strike Ryuk |
2020-10-02 ⋅ Health Sector Cybersecurity Coordination Center (HC3) ⋅ Report 202010021600: Recent Bazarloader Use in Ransomware Campaigns BazarBackdoor Cobalt Strike Ryuk TrickBot |
2020-09-24 ⋅ Kaspersky Labs ⋅ Threat landscape for industrial automation systems - H1 2020 Poet RAT Mailto Milum RagnarLocker REvil Ryuk Snake Ransomware |
2020-09-01 ⋅ Cisco Talos ⋅ Quarterly Report: Incident Response trends in Summer 2020 Cobalt Strike LockBit Mailto Maze Ryuk |
2020-08-20 ⋅ sensecy ⋅ Global Ransomware Attacks in 2020: The Top 4 Vulnerabilities Clop Maze REvil Ryuk |
2020-08-18 ⋅ Arete ⋅ Is Conti the New Ryuk? Conti Ransomware Ryuk |
2020-08 ⋅ Temple University ⋅ Critical Infrastructure Ransomware Attacks CryptoLocker Cryptowall DoppelPaymer FriedEx Mailto Maze REvil Ryuk SamSam WannaCryptor |
2020-06-23 ⋅ Bleeping Computer ⋅ Ryuk ransomware deployed two weeks after Trickbot infection Ryuk |
2020-06-15 ⋅ Cisco Talos ⋅ Quarterly report: Incident Response trends in Summer 2020 Ryuk |
2020-05-05 ⋅ N1ght-W0lf Blog ⋅ Deep Analysis of Ryuk Ransomware Ryuk |
2020-04-19 ⋅ SecurityLiterate ⋅ Reversing Ryuk: A Technical Analysis of Ryuk Ransomware Ryuk |
2020-04-14 ⋅ Intel 471 ⋅ Understanding the relationship between Emotet, Ryuk and TrickBot Emotet Ryuk TrickBot |
2020-03-31 ⋅ FireEye ⋅ It’s Your Money and They Want It Now - The Cycle of Adversary Pursuit Ryuk TrickBot UNC1878 |
2020-03-25 ⋅ Wilbur Security ⋅ Trickbot to Ryuk in Two Hours Cobalt Strike Ryuk TrickBot |
2020-03-05 ⋅ Microsoft ⋅ Human-operated ransomware attacks: A preventable disaster Dharma DoppelPaymer Dridex EternalPetya Gandcrab Hermes LockerGoga MegaCortex MimiKatz REvil RobinHood Ryuk SamSam TrickBot WannaCryptor |
2020-03-04 ⋅ CrowdStrike ⋅ 2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Ransomware Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER Anunak APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORD SPIDER DOPPEL SPIDER Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER Pinchy Spider Pirate Panda Salty Spider SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER |
2020-03-04 ⋅ Bleeping Computer ⋅ Ryuk Ransomware Attacked Epiq Global Via TrickBot Infection Ryuk TrickBot |
2020-03-03 ⋅ PWC UK ⋅ Cyber Threats 2019: A Year in Retrospect KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare Axiom |
2020-03-02 ⋅ c't ⋅ Was Emotet anrichtet – und welche Lehren die Opfer daraus ziehen Emotet Ryuk |
2020-02-25 ⋅ RSA Conference ⋅ Feds Fighting Ransomware: How the FBI Investigates and How You Can Help FastCash Cerber Defray Dharma FriedEx Gandcrab GlobeImposter Mamba Phobos Ransomware Rapid Ransom REvil Ryuk SamSam Zeus |
2020-02-13 ⋅ Quick Heal ⋅ A Deep Dive Into Wakeup On Lan (WoL) Implementation of Ryuk Ryuk |
2020-02-12 ⋅ VMWare Carbon Black ⋅ Ryuk Ransomware Technical Analysis Ryuk |
2020-02-10 ⋅ Malwarebytes ⋅ 2020 State of Malware Report magecart Emotet QakBot REvil Ryuk TrickBot WannaCryptor |
2020-01-29 ⋅ ANSSI ⋅ État de la menace rançongiciel Clop Dharma FriedEx Gandcrab LockerGoga Maze MegaCortex REvil RobinHood Ryuk SamSam |
2020-01-29 ⋅ ZDNet ⋅ DOD contractor suffers ransomware infection Ryuk |
2020-01-24 ⋅ Bleeping Computer ⋅ New Ryuk Info Stealer Targets Government and Military Secrets Ryuk |
2020-01-24 ⋅ ReversingLabs ⋅ Hunting for Ransomware Ryuk |
2020-01-17 ⋅ Secureworks ⋅ Is It Wrong to Try to Find APT Techniques in Ransomware Attack? Defray Dharma FriedEx Gandcrab GlobeImposter Matrix Ransom MedusaLocker Phobos Ransomware REvil Ryuk SamSam Scarab Ransomware |
2020-01-14 ⋅ Bleeping Computer ⋅ Ryuk Ransomware Uses Wake-on-Lan To Encrypt Offline Devices Ryuk |
2020 ⋅ Secureworks ⋅ GOLD ULRICK Empire Downloader Ryuk TrickBot WIZARD SPIDER |
2020 ⋅ Blackberry ⋅ State of Ransomware Maze MedusaLocker Nefilim Ransomware Phobos Ransomware REvil Ryuk STOP Ransomware Zeppelin Ransomware |
2019-12-26 ⋅ Bleeping Computer ⋅ Ryuk Ransomware Stops Encrypting Linux Folders Ryuk |
2019-12-21 ⋅ Decrypt ⋅ How ransomware exploded in the age of Bitcoin Ryuk |
2019-12-19 ⋅ Malwarebytes ⋅ Threat spotlight: the curious case of Ryuk ransomware Ryuk |
2019-12-15 ⋅ Bleeping Computer ⋅ Ryuk Ransomware Likely Behind New Orleans Cyberattack Ryuk |
2019-12-09 ⋅ Emsisoft ⋅ Caution! Ryuk Ransomware decryptor damages larger files, even if you pay Ryuk |
2019-11-27 ⋅ Twitter (@Prosegur) ⋅ Tweet on Incident of Information Security Ryuk |
2019-11-06 ⋅ Heise Security ⋅ Emotet, Trickbot, Ryuk – ein explosiver Malware-Cocktail Emotet Ryuk TrickBot |
2019-11 ⋅ CCN-CERT ⋅ Informe Código Dañino CCN-CERT ID-26/19 Ryuk |
2019-11-01 ⋅ CrowdStrike ⋅ WIZARD SPIDER Adds New Features to Ryuk for Targeting Hosts on LAN Ryuk WIZARD SPIDER |
2019-05-09 ⋅ GovCERT.ch ⋅ Severe Ransomware Attacks Against Swiss SMEs Emotet LockerGoga Ryuk TrickBot |
2019-04-05 ⋅ FireEye ⋅ Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware LockerGoga Ryuk FIN6 |
2019-04-02 ⋅ Cybereason ⋅ Triple Threat: Emotet Deploys Trickbot to Steal Data & Spread Ryuk Ryuk TrickBot |
2019-03-26 ⋅ ANSSI ⋅ INFORMATIONS CONCERNANT LES RANÇONGICIELS LOCKERGOGA ET RYUK Ryuk |
2019-01-11 ⋅ FireEye ⋅ A Nasty Trick: From Credential Theft Malware to Business Disruption Ryuk TrickBot GRIM SPIDER WIZARD SPIDER |
2019-01-10 ⋅ CrowdStrike ⋅ Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware Ryuk GRIM SPIDER MUMMY SPIDER STARDUST CHOLLIMA WIZARD SPIDER |
2019-01-09 ⋅ McAfee ⋅ Ryuk Ransomware Attack: Rush to Attribution Misses the Point Ryuk |
2019 ⋅ Virus Bulletin ⋅ Shinigami's Revenge: The Long Tail of Ryuk Malware Ryuk |
2018-12-29 ⋅ Los Angeles Times ⋅ Malware attack disrupts delivery of L.A. Times and Tribune papers across the U.S. Ryuk |
2018-08-20 ⋅ Check Point ⋅ Ryuk Ransomware: A Targeted Campaign Break-Down Ryuk |