Ryuk Ransomware: Origins, Operation Mode, Mitigation

What is Ryuk Ransomware?

Ryuk is a ransomware-as-a-service (RaaS) group that’s been active since August 2018. It typically encrypts data on an infected system, rendering the data inaccessible until a ransom is paid in untraceable . The operators behind Ryuk are known for running a private affiliate program where affiliates can submit applications and resumes to apply for membership. By the end of 2020, the operators behind Ryuk netted a total of $150 million.

Ryuk is at the top of the rankings, having payloads delivered by its affiliates. The gang’s affiliates were attacking approximately 20 companies every week in the last months of 2020, and, beginning in November 2020, they coordinated a massive wave of attacks on the US healthcare system.


According to researchers, Ryuk was developed and is currently operated by the GRIM SPIDER ( group), a splinter group traced back to WIZARD SPIDER, the criminal mastermind behind TrickBot. Russian in origin, GRIM SPIDER embraces WIZARD SPIDER’s big-game hunting ideology, in which big trophies can be claimed by attacking big targets.

The APT group’s voracity for HVTs has left

Read More: https://heimdalsecurity.com/blog/ryuk-ransomware/