Organisations around the world have been hit by a new piece of ransomware known as Ryuk, which has been encrypting PCs, storage centres and data centres in what’s showing itself to be a carefully planned campaign.
Some organisations have paid an exceptionally high ransom to retrieve their files, and the total gain of the attackers has reached more than R9-million so far.
A leading cyber threat intelligence provider, say their analysis of Ryuk’s ransomware code shows a marked similarity to that of HERMES, which has done extensive damage itself: “[We] believe that the current wave of targeted attacks using Ryuk may either be the work of the HERMES operators, the allegedly North Korean group, or the work of an actor who has obtained the HERMES source code.”
Researchers also note that the Ryuk campaign seems to be targeting organisations that are capable of paying a lot of money to get themselves back up and running.