Security News > 2020 > November > How Ryuk Ransomware operators made $34 million from one victim

One hacker group that is targeting high-revenue companies with Ryuk ransomware received $34 million from one victim in exchange for the decryption key that unlocked their computers.
The threat actor is highly proficient at moving laterally inside a compromised network and erasing as much of their tracks as possible before detonating Ryuk ransomware.
Recent Ryuk ransomware news includes reports of encrypted networks belonging to Universal Health Services, big-league IT services company Sopra Steria, Seyfarth Shaw law firm, office furniture giant Steelcase, and hospitals in Brooklyn and Vermont.
Analyzing the attack flow from an incident response engagement, Kremez notes that Ryuk group "One" took 15 steps to find available hosts on the network, steal admin-level credentials, and deploy Ryuk ransomware.
Upload execution batch scripts and the parsed network hosts and run Ryuk ransomware via PsExec under different compromised users.