Ryuk ransomware now self-spreads to other Windows LAN devices
2021-02-26 17:37

A new Ryuk ransomware variant with worm-like capabilities that allow it to spread to other devices on victims' local networks has been discovered by the French national cyber-security agency while investigating an attack in early 2021.

To propagate itself over the local network, the new Ryuk variant lists all the IP addresses in the local ARP cache and sends what looks like Wake-on-LAN packets to each of the discovered devices.
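A defender can look for the network side of this behaviour: one host sending Wake-on-LAN frames to many different MAC addresses in a short time. The sketch below is an added example, not code from the article or the agency's report. It assumes the packets follow the standard magic-packet layout (six 0xFF bytes followed by the target MAC repeated 16 times) and that UDP payloads have already been extracted from a capture; the function names, threshold, window and sample addresses are all constructed for illustration.

```python
from collections import defaultdict

WOL_SYNC = b"\xff" * 6  # standard magic-packet synchronisation stream

def parse_wol_target(payload: bytes):
    """Return the target MAC if payload holds a WoL magic packet, else None."""
    start = payload.find(WOL_SYNC)
    while start != -1:
        mac = payload[start + 6:start + 12]
        body = payload[start + 6:start + 6 + 96]
        if len(body) == 96 and body == mac * 16:  # MAC repeated 16 times
            return mac.hex(":")
        start = payload.find(WOL_SYNC, start + 1)
    return None

def find_wol_sweeps(packets, min_targets=3, window=60.0):
    """packets: iterable of (timestamp, src_ip, udp_payload).
    Returns {src_ip: sorted MACs} for every source that sent magic packets
    to at least min_targets distinct MACs within window seconds."""
    seen = defaultdict(list)  # src_ip -> [(timestamp, mac)]
    for ts, src, payload in sorted(packets, key=lambda p: p[0]):
        mac = parse_wol_target(payload)
        if mac:
            seen[src].append((ts, mac))
    alerts = {}
    for src, events in seen.items():
        for i, (t0, _) in enumerate(events):
            macs = {m for t, m in events[i:] if t - t0 <= window}
            if len(macs) >= min_targets:
                alerts[src] = sorted(macs)
                break
    return alerts

def sample_magic_packet(mac_hex: str) -> bytes:
    """Build a well-formed magic packet for the constructed test data."""
    return WOL_SYNC + bytes.fromhex(mac_hex.replace(":", "")) * 16

# Constructed sample traffic (addresses and timings are made up).
SAMPLE = [
    (0.0, "10.0.0.23", sample_magic_packet("00:11:22:33:44:01")),
    (0.4, "10.0.0.23", sample_magic_packet("00:11:22:33:44:02")),
    (0.9, "10.0.0.23", sample_magic_packet("00:11:22:33:44:03")),
    (5.0, "10.0.0.5", sample_magic_packet("00:11:22:33:44:01")),  # one host woken
    (6.0, "10.0.0.8", WOL_SYNC + bytes(range(96))),  # sync bytes, no repeated MAC
    (7.0, "10.0.0.23", WOL_SYNC + bytes.fromhex("001122334404") * 15),  # truncated
]

if __name__ == "__main__":
    print(find_wol_sweeps(SAMPLE))
```

Hosts that legitimately send Wake-on-LAN traffic, such as management servers, would need to be excluded before alerting on the result.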

What makes this new Ryuk sample different is its capability to copy itself to other Windows devices on the victims' local networks.

Ryuk is a ransomware-as-a-service group first spotted in August 2018 that has left behind a long list of victims.

Ryuk is at the top of the RaaS rankings, with its payloads being discovered in roughly one in three ransomware attacks throughout the last year.

After following the money circuit from Ryuk ransomware victims, security researchers from threat intelligence companies Advanced Intelligence and HYAS estimate that the RaaS operation made at least $150 million.


News URL

https://www.bleepingcomputer.com/news/security/ryuk-ransomware-now-self-spreads-to-other-windows-lan-devices/