A new malware for getting ransom has been on the loose, collecting over $600,000 just in 14 days. Ryuk targets specifically chosen wealthy companies that pay ransom in Bitcoin.
“Fruitful” hacking
This new malware for ransom does not bother with scamming or frauds. Ryuk was developed to attack concrete individually selected companies. The analysts of Check Point security company are sure that the code of the ransomware is specifically targeted to infect only vital files and resources of the victims. Hackers themselves are busy with distribution and infection, doing it manually.
This requires very good and detailed knowledge of those planned to be attacked in advance. Hackers, reportedly, need network mapping and collecting a great amount of information about their victims before every single operation.
Going for high stakes
The developers of this Ryuk malware are not happy with small money, obviously. They are after some big ransom and looking for companies that can afford it, paying in Bitcoin.
They send two emails to their victims. One is rude to demand the ransom, usually between 15-35 Bitcoins ($100,000 to $200,000), the other one is very polite. The biggest paid out ransom so far has been 50 BTC.
North Korea’s tracks
Analysts believe that hackers from North Korea could be behind Ryuk, since the code to the malware is pretty similar to HERMES, the software used by the Lazarus group believed to be connected with North Korea. Besides, both programs bear exactly the same markers.
The victims
Among the companies and organizations hit by Ryuk are the US and European government agencies, companies, private firms, even hospitals and the PGA Tour.