North Korea may be behind Ryuk, a new ransomware, that has earned $640,000 in BTC in just two weeks with targeted attacks.


A powerful new form of ransomware has been unleashed, and it has been very successful. Security firm Check Point states that Ryuk, the new ransomware, is targeting selected companies with deep pockets and has earned $640,000 in Bitcoin in just two weeks.

Successful Attacks

Unlike most ransomware attacks that focus on large spam campaigns and exploits, Ryuk is specifically tailored for attacks on individual companies. Check Point notes that its encryption scheme is focused and that only vital assets and resources of the victim are infected, with distribution and infection carried out manually by the hackers.

This means that the hackers have extensive knowledge of their victims beforehand. Check Point says that the nature of the Ryuk attack means “extensive network mapping, hacking and credential collection is required and takes place prior to each operation.”

Going for Big Bucks

The hackers are not playing for pennies. They are seeking some pretty hefty payouts and are targeting companies that can pony up the ransom in Bitcoin. Check Point states:

From the exploitation phase through to the encryption process and up to the ransom demand itself, the carefully operated Ryuk campaign is targeting enterprises that are capable of paying a lot of money in order to get back on track.

Ransomware attack

The hackers deliver one of two different letters to their victims. One letter is very blunt, demanding payment, while the other is far more polite. The ransom demanded typically varies between 15-35 BITC (currently $100,000 to $233,000). The highest ransom paid was 50 BTC ($333,000). Every day of not paying the ransom adds half a bitcoin to the total.

Check Point says that North Korea may be behind the Ryuk ransomware attacks. The code for the program is akin to HERMES, which was used by Lazarus, the hacker group associated with North Korea. In fact, markers in both programs are exactly the same.

This leads the security researchers to conclude that this new wave of attacks is being orchestrated by North Korea or some other group managed to get the source code for HERMES.

Plenty of Victims

Plenty of government and private enterprises have been hit by ransomware attacks. Hospitals have been forced to pay a ransom, and the city of Atlanta had their computer systems crippled earlier this year. Even the PGA Tour was the victim of an attack right before a major tournament.

Many security researchers believe North Korea is very active in ransomware attacks and hacks of cryptocurrency exchanges. Such crimes are being done to help put some much-needed cash into the country’s coffers. Now analysts say that Iran is dialing up ransomware attacks to counter the effects of trade sanctions by the United States.

Do you think North Korea is behind the Ryuk ransomware attacks? Let us know in the comments below.


Images courtesy of Shutterstock.

Tags: , , , , , ,

Leave a Reply

We use cookies to give you the best online experience. By agreeing you accept the use of cookies in accordance with our cookie policy.