
North Korea's New Shinigami? - Ryuk Malware Makes Targeted Attacks

Sources:

CheckPoint
BleepingComputer

 

TL;DR

Ransomware containing source-code similarities to the Hermes malware created by the Lazarus Group, which stole almost $1 billion from Bangladesh, has suddenly spiked in activity.

 

Media:
fig1-3.png
 

Quotes/Excerpts:

Quote

A new ransomware strain named Ryuk is making the rounds... the group behind it has already made over $640,000. Attacks with this ransomware strain were first spotted last Monday. Security researchers from various companies have not been successful at identifying how this ransomware spreads and infects victims. It seems the attacks are targeted, i.e. a result of some manual compromise. Reason for this is that the malware needs Admin privileges to run, which it doesn't achieve on its own. Something else that executes it had to achieve this privilege,... But no artifact was found. Ryuk may be the work of the same people who developed the Hermes ransomware. The connection between the two is pretty obvious... connections between past Hermes versions and current Ryuk samples, both of which shared large swaths of code. Ryuk's targeted nature is never more obvious than when it comes to its ransom notes. There seems to be some adaptation made in the ransom notes. As for the ransomware's encryption, this is a classic AES-RSA combo that's usually undecryptable unless the Ryuk team made mistakes... researchers have not spotted such weakness in Ryuk, as of yet. Unique Bitcoin payment addresses are created for each victim. The new Ryuk ransomware strain appears to be a new attempt from the Lazarus Group at developing a SamSam-like strain to use in precise surgical strikes against selected organizations.

 

My Thoughts:

While the normal person is unlikely to get infected with this, it's interesting to see state-sponsored malware in action. Like the Bangladesh malware, it looks like this is nothing more than a money grab. With North Korea having pretty much no exports, I'm not surprised.

PLEASE QUOTE ME IF YOU ARE REPLYING TO ME

Desktop Build: Ryzen 7 2700X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 48GB Corsair DDR4 @ 3000MHz, RX5700 XT 8GB Sapphire Nitro+, Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


 


tfw your country is so broke they have to resort to malware to steal money

Check out my guide on how to scan cover art here!

Local asshole and 6th generation console enthusiast.


2 minutes ago, Dan Castellaneta said:

tfw your country is so broke they have to resort to malware to steal money

Maybe they said mean things about the Supreme Leader.

 

Never say mean things about the Supreme Leader.

Our Grace. The Feathered One. He shows us the way. His bob is majestic and shows us the path. Follow unto his guidance and His example. He knows the one true path. Our Saviour. Our Grace. Our Father Birb has taught us with His humble heart and gentle wing the way of the bob. Let us show Him our reverence and follow in His example. The True Path of the Feathered One. ~ Dimboble-dubabob III


5 minutes ago, DildorTheDecent said:

Maybe they said mean things about the Supreme Leader.

 

Never say mean things about the Supreme Leader.

or he will remove your security clearance

.


Just now, GoldenLag said:

What did you write?  The North Korean economy?

 

Cuz it must have died hard resorting to this

It was truly a Fire Sale


Reminder to everyone:

  • Windows 10 has ransomware protection via Windows Defender. It can lock all apps' access to our personal folders, and only allow selected ones you pick (so add your programs).
  • If you sync with OneDrive or Google Drive and they get infected, you can revert the files back in time. If you don't use OneDrive, check with your cloud drive of choice whether it supports this feature.
  • Remember the 3x B's: Backup, Backup and Backup.
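Added example (not from any post in this thread): the Windows Defender ransomware protection GoodBytes mentions is Controlled Folder Access, and it can be inspected, enabled and tuned from an elevated PowerShell prompt with the built-in Defender cmdlets. The folder and program paths below are placeholders; substitute your own.

```powershell
# Added example: inspect and configure Windows Defender Controlled Folder Access
# (the "ransomware protection" referred to above). Run from an elevated
# PowerShell prompt on Windows 10 with Microsoft Defender Antivirus active.

# 1. Current state. EnableControlledFolderAccess: Disabled, Enabled, or
#    AuditMode (AuditMode logs would-be blocks without enforcing them).
$pref = Get-MpPreference
$pref | Select-Object EnableControlledFolderAccess,
                      ControlledFolderAccessProtectedFolders,
                      ControlledFolderAccessAllowedApplications

# 2. Turn it on. Start with AuditMode for a few days if you want to learn
#    which of your programs would be blocked before enforcing.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 3. Protect extra folders beyond the default user libraries.
#    Placeholder path: replace with the folder you actually care about.
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\Photos'

# 4. Allow a trusted program to write into protected folders ("so add your
#    programs"). Placeholder path: replace with the program's real executable.
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\MyBackupTool\backup.exe'

# 5. Review what Controlled Folder Access has blocked (event 1123) or, in
#    audit mode, would have blocked (event 1124) in the Defender operational log.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Step 5 is the check worth running after step 2: a legitimate backup or photo-editing tool that keeps showing up as blocked is the one to add in step 4, rather than turning the protection off.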

2 minutes ago, GoodBytes said:

Reminder to everyone:

  • Windows 10 has ransomware protection via Windows Defender. It can lock all apps' access to our personal folders, and only allow selected ones you pick (so add your programs).
  • If you sync with OneDrive or Google Drive and they get infected, you can revert the files back in time. If you don't use OneDrive, check with your cloud drive of choice whether it supports this feature.
  • Remember the 3x B's: Backup, Backup and Backup.

My biggest thing is to keep my important files backed up on my external Passport drive, and then keep it unplugged and locked in my fireproof safe :)


24 minutes ago, GoodBytes said:

Reminder to everyone:

  • Windows 10 has ransomware protection via Windows Defender. It can lock all apps' access to our personal folders, and only allow selected ones you pick (so add your programs).
  • If you sync with OneDrive or Google Drive and they get infected, you can revert the files back in time. If you don't use OneDrive, check with your cloud drive of choice whether it supports this feature.
  • Remember the 3x B's: Backup, Backup and Backup.

Also:

  • 3 copies of the data
  • 2 different storage types (internal, cloud, removable)
  • 1 copy of the 3 offsite

 

I'm currently only using 2-2-0, but I'm planning on changing that next tax season, or maybe I should look into Petabyte Project 2: Google Bugaloo myself since I'm approaching 8TB quickly (curse you 4k videos)


1 hour ago, GoodBytes said:

Reminder to everyone:

  • Windows 10 has ransomware protection via Windows Defender. It can lock all apps' access to our personal folders, and only allow selected ones you pick (so add your programs).
  • If you sync with OneDrive or Google Drive and they get infected, you can revert the files back in time. If you don't use OneDrive, check with your cloud drive of choice whether it supports this feature.
  • Remember the 3x B's: Backup, Backup and Backup.

Honestly I don't have anything of real importance on my computer. If infected I would simply reformat the drive and call it a day. 


12 hours ago, Dan Castellaneta said:

tfw your country is so broke they have to resort to malware to steal money

Better that than bombing countries, stealing their resources and killing countless civilians in between, like some Western countries are doing. Amirite?

CPU: AMD Ryzen 7 3800X Motherboard: MSI B550 Tomahawk RAM: Kingston HyperX Predator RGB 32 GB (4x8GB) DDR4 GPU: EVGA RTX3090 FTW3 SSD: ADATA XPG SX8200 Pro 512 GB NVME | Samsung QVO 1TB SSD  HDD: Seagate Barracuda 4TB | Seagate Barracuda 8TB Case: Phanteks ECLIPSE P600S PSU: Corsair RM850x

 

 

 

 

I am a gamer, not because I don't have a life, but because I choose to have many.


1 minute ago, DaRk0 said:

Better that than bombing countries, stealing their resources and killing countless civilians in between, like some Western countries are doing. Amirite?

Oh, you mean Russia. I didn't know they were Western!


1 minute ago, Dan Castellaneta said:

Oh, you mean Russia. I didn't know they were Western!

Nope, I didn't mean Russia. I specifically said Western countries. :D


1 minute ago, DaRk0 said:

Nope, I didn't mean Russia. I specifically said Western countries. :D

Ah, right. You mean like a country that exports criminals, like Mexico.

This isn't an argument you're winning, mainly because you segued into it very poorly.


Just now, Dan Castellaneta said:

Ah, right. You mean like a country that exports criminals, like Mexico.

This isn't an argument you're winning, mainly because you segued into it very poorly.

It's not my intention to win any argument. I just need to look back at the last 30 years and see how many countries were destroyed by the West.

