Ryuk ransomware banks $3.7 million in five months

It has the knack for staying dormant and focusing on big targets.
Jon Fingas, @jonfingas
January 14, 2019

The Ryuk ransomware hasn't just been causing grief for newspapers -- it's also quite lucrative for its operators. Researchers at CrowdStrike and FireEye both estimate that the code has produced the equivalent of $3.7 million in bitcoin since August, spread across 52 payments. The key, analysts note, is the willingness to be patient and focus on big targets.

The attacks typically start by infecting systems with TrickBot malware (usually through methods like spam email), which gains access and, importantly, lets the intruders study their targets to determine the money-making potential. They look for the most critical systems and, as Ars Technica noted, will even pass on launching the Ryuk ransomware if the organization isn't large enough. This scouting will be somewhat familiar if you've seen campaigns like SamSam (the ransomware that hit the city of Atlanta), and it's just as disconcerting.

The operators are patient, too. They'll wait as long as a "full year" to encrypt a victim's data and demand a ransom, FireEye said.

It's not certain just who the perpetrators are, but the two security groups don't believe the users are North Korean despite the name. Instead, CrowdStrike (which nicknamed the attackers Grim Spider) suggests they might be Russian based on internet addresses and the occasional language reference. Either way, it's clear that ransomware is becoming all too profitable and could be a serious problem for larger companies and governments in the near future.
