Latest in Gear

Image credit: solarseven via Getty Images

Ryuk ransomware banks $3.7 million in five months

It has the knack for staying dormant and focusing on big targets.
382 Shares
Share
Tweet
Share
Save

Sponsored Links

solarseven via Getty Images

The Ryuk ransomware hasn't just causing grief for newspapers -- it's also quite lucrative for its operators. Researchers at CrowdStrike and FireEye both estimate that the code has produced the equivalent of $3.7 million in bitcoin since August, spread across 52 payments. The key, analysts note, is the willingness to be patient and focus on big targets.

The attacks typically start by infecting systems with TrickBot malware (typically through methods like spam email) that gains access and, importantly, lets the intruders study their targets to determine the money-making potential. They look for the most critical systems and, as Ars Technica noted, will even pass on launching the Ryuk ransomware if the organization isn't large enough. This scouting will be somewhat familiar if you've seen campaigns like SamSam (the ransomware that hit the city of Atlanta), and it's just as disconcerting.

The operators are patient, too. They'll wait as long as a "full year" to encrypt a victim's data and demand a ransom, FireEye said.

It's not certain just who the perpetrators are, but the two security groups don't believe the users are North Korean despite the name. Instead, CrowdStrike (which nicknamed the attackers Grim Spider) suggests they might be Russian based on internet addresses and the occasional language reference. Either way, it's clear that ransomware is becoming all too profitable and could be a serious problem for larger companies and governments in the near future.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
382 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's Guide to Privacy

Engadget's Guide to Privacy

View
'Dragon Ball Z: Kakarot' arrives on January 17th, 2020

'Dragon Ball Z: Kakarot' arrives on January 17th, 2020

View
Nintendo is holding an online 'Mario Kart 8 Deluxe' tournament this Sunday

Nintendo is holding an online 'Mario Kart 8 Deluxe' tournament this Sunday

View
LinkedIn's new quizzes can prove you're not lying on your resume

LinkedIn's new quizzes can prove you're not lying on your resume

View
Rockstar rolls out its own PC games launcher

Rockstar rolls out its own PC games launcher

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr